FEB 2, 2024
Singapore police suggest hardware wallets to combat malware
The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have jointly issued an advisory to raise awareness about the escalating use of cryptocurrency drainers in cyberattacks.
The advisory aims to inform citizens about the threat and provide recommendations to protect against such attacks, with a specific emphasis on utilizing hardware wallets for enhanced security. Cryptocurrency drainers represent a form of malware that specifically targets crypto wallets. These malicious tools are often employed in phishing attacks to illicitly extract funds from users’ wallets without proper authorization.
Of particular concern are commercial crypto draining kits, which empower less experienced cyber-criminals with sophisticated malware at no upfront costs. Operating on a drainer-as-a-service (DaaS) model, attackers share a predetermined percentage of the stolen funds with the service provider.
The SPF and CSA underscored that crypto-drainer-related attacks typically originate from phishing campaigns. These campaigns commonly involve infiltrating verified social media accounts or dispatching fraudulent emails to users from compromised databases of major service providers.
Unsuspecting victims who click on phishing links are redirected to counterfeit trading websites that prompt them to connect their Web3 wallets. Subsequently, a malicious smart contract is injected into the victim’s system, enabling hackers to withdraw funds without additional authorization.
MS Drainer and Inferno Drainer
While no such attacks have been reported in Singapore to date specifically, the advisory acknowledges the rising recognition of this threat among hackers. Notably, an off-the-shelf crypto drainer called MS Drainer contributed to hackers stealing $59 million worth of cryptocurrency in 2023.
Last month, Singapore-based cyber security firm Group-IB produced a report concerning the Inferno Drainer operation. According to the company’s research, the malware operation led to the theft of $80 million in digital assets globally, until the developers behind it shut it down last November.
To counteract these threats, Singapore authorities recommend the use of hardware wallets as a security measure against wallet drainer attacks. Additionally, the advisory instructs crypto investors to conduct thorough research before engaging with cryptocurrency services or platforms. Singaporeans are encouraged to report any suspicious incidents related to crypto drainers or phishing attacks to both relevant authorities and crypto service providers.
In the event of a security breach, victims are urged to revoke any suspicious token approvals and promptly transfer their remaining funds to a different, secure wallet address to prevent further losses. This proactive approach aims to empower individuals with the knowledge and tools needed to navigate the risks associated with crypto drainers and foster cybersecurity awareness within the cryptocurrency ecosystem.
As the threat landscape evolves relative to digital assets, this advisory serves as a valuable resource to educate citizens about the risks posed by crypto drainers.