Singapore issues warning on rising ‘crypto drainer’ phishing scams
Singaporean authorities have recently issued a joint advisory through the Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA), cautioning crypto traders about the escalating menace of digital asset wallet drainers.
In their Jan. 31 advisory, the SPF and CSA highlighted crypto drainers’ pivotal role in phishing attacks, specifically helping malicious players target crypto investors’ digital assets such as tokens and NFTs.
Crypto wallet drainers are malicious tools deployed in phishing attacks. In these attacks, victims are duped into clicking on suspicious links or opening files. This manipulation leads to the unwitting approval of questionable transactions, which in turn leads to the theft of digital assets.
The modus operandi typically involves bad actors leveraging compromised social media or email accounts of reputable entities to propagate their phishing campaigns. Subsequently, they employ these drainers to siphon off the assets of individuals who fall prey to these tactics.
Drainers have recently seen a surge in popularity due to the various commercial Drainer-as-a-Service (DaaS) models. Threat actors can now utilize DaaS to steal from unsuspecting individuals and plan to compensate the service providers with a certain percentage of their illicit revenue.
Despite no reported cases in Singapore, the authorities strongly advised crypto investors to adopt strong precautionary measures like utilizing hardware wallets, scrutinizing smart contracts, and safeguarding seed phrases, among other security practices.
Escalating threat
The advisory from Singapore comes amid a notable increase in crypto-draining incidents. Blockchain security firm Scam Sniffer reported that over $10 million was stolen from four victims in the past week. These attacks, involving diverse collateral tokens, were executed through phishing tactics.
Notably, these wallet drainers stole around $300 million from more than 300,000 victims last year. In a singular incident, a wallet drainer absconded with $24.23 million in liquid-staked Ethereum, $8.58 million in rETH, and $15.63 million in stETH.
As phishing scams proliferate, on-chain sleuth ZachXBT has urged investors and firms to fortify their accounts against sim swaps by taking their accounts’ security seriously.