Singapore Authorities Alert Cybersecurity Regarding Crypto Drainers Threats

JAKARTA - Singapore authorities issued a cybersecurity warning to their citizens after paying attention to the increase in the use of crypto drainages or "wallet drainages" to steal funds from investors throughout the crypto ecosystem.

Singapore Police (SPF) and Singapore Cybersecurity Agency (CSA) issued a joint warning to raise awareness of cyber attacks involving crypto Drainers, a type of malware targeting crypto wallets. Phishing attacks use crypto-drainers to extract funds from user wallets without permission.

Authorities expressed concern about the commercial software called "crypto drifting kits," which allows novice cybercriminals to have access to advanced malware at no initial cost. The attackers who use the drainer-as-a-service (DaaS) model will divide the percentage of the looted proceeds with service providers.

As SPF and CSA explain, crypto-drainers-related attacks start with a phishing campaign usually involving hacking leading social media accounts or sending fake emails to users from hacked databases from large service providers.

The suspicious victim who clicks on the phishing link will be directed to a fake trading website asking users to connect their Web3 wallet. A malicious smart contract is then inserted into the victim's system, allowing hackers to withdraw funds without further permission.

Although such attacks have not been reported in Singapore, according to the warning, this practice has gained recognition among hackers. MS Drainer, a popular ready-to-use crypto-drainer, helped hackers steal 59 million US dollars worth of cryptocurrencies by 2023.

Stolen funds are often channeled through services that reduce traces, such as crypto mixers, and greatly reduce the possibility of being restored.

Singapore authorities recommend the use of a hard wallet as a security measure against a drainage wallet attack, among other preventive measures. While suggesting crypto investors to conduct careful research, the warning asks Singaporeans to report any similar incidents to crypto service authorities and providers.

Most importantly, in such a situation, the victim had to revoke suspicious token approval and transfer the remaining funds to a safer wallet address to avoid further losses.