Singaporean authorities have issued a cybersecurity warning to citizens due to an increasing number of cryptocurrency skimmers, specifically wallet skimmers, stealing funds from investors within the crypto ecosystem. The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) issued a joint advisory to create awareness about cyberattacks involving cryptocurrency spenders, a type of malware that targets crypto wallets. These phishing attacks leverage cryptocurrency spenders to withdraw funds from users' wallets without proper authorization. Authorities are particularly concerned about commercial cryptocurrency consumption kits that enable novice cybercriminals to deploy sophisticated malware without an upfront fee, utilizing a "consumer as a service" (DaaS) model, where attackers share a predetermined percentage of the loot with the service provider.
According to SPF and CSA, attacks related to cryptocurrency depletion typically start with phishing campaigns, which involve hacking well-known social media accounts or sending fraudulent emails to users from breached databases of major service providers. Unsuspecting victims often click on phishing links that redirect them to fake exchange websites, prompting users to connect their Web3 wallets. The malicious smart contract is then injected into the victim's system, enabling hackers to withdraw funds without additional authorization.
While the advisory notes that no such attacks have been reported in Singapore, the practice has gained popularity among hackers. MS Drainer, a widely used off-the-shelf cryptocurrency draining tool, assisted hackers in stealing $59 million worth of cryptocurrency in 2023. Stolen funds are frequently funneled through services like cryptocurrency mixers, which hinder traceability and significantly reduce the chances of recovery.
Singaporean authorities recommend the use of hardware wallets as a precautionary measure against wallet exhaustion attacks. Alongside advising crypto investors to conduct thorough research, the advisory encourages Singaporeans to report any such incidents to authorities and crypto service providers. Importantly, victims are urged to revoke any suspicious token approvals and transfer remaining funds to different secure wallet addresses to prevent further loss.
