Singapore police recommend hardware wallets against crypto drainers

Singapore authorities issued a cybersecurity warning to citizens after taking notice of the rising use of cryptocurrency drainers or wallet drainers for stealing funds from investors across the ecosystem.

The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) issued a joint advisory to raise awareness against cyberattacks involving crypto drainers, a type of malware that targets crypto wallets. Phishing attacks make use of crypto drainers to extract funds from users’ wallets without authorization.

The authorities raised concerns about commercial crypto draining kits, which allow novice cybercriminals to arm up with sophisticated malware at no upfront costs. Instead, attackers using the drainer-as-a-service (DaaS) model will split a pre-determined percentage of the loot with the service provider.

As pointed out by the SPF and CSA pointed out, crypto-drainer-related attacks start with phishing campaigns — usually involving hacking into prominent social media accounts or sending out fraudulent emails to users from hacked databases of major service providers.

Unsuspecting victims who end up clicking the phishing links get redirected to a fake trading website that prompts users to connect their Web3 wallets. A malicious smart contract is then injected into the victim’s system, allowing hackers to withdraw funds without further authorization.

Such an attack has not yet been reported in Singapore, according to the advisory. However, the practice has gained recognition among hackers. MS Drainer, a popular off-the-shelf crypto drainer, helped hackers steal $59 million worth of cryptocurrency in 2023.

The stolen funds are often siphoned out using services that deter traceability, such as cryptocurrency mixers, and heavily reduce chances for recovery.

Singapore authorities recommended the use of hardware wallets for security against wallet drainer attacks, among other precautions. While advising crypto investors to do thorough research, the advisory asks Singaporeans to report any such incident to the authorities and the crypto service providers.

Most importantly, in such instances, victims must revoke any suspicious token approvals and transfer the remaining funds to a different secure wallet address to avoid further loss of funds.

Main, News