Trusted

Singapore Raises Red Flags: Concerns Over Crypto Draining Kits Emerge

2 mins
Updated by Ryan Boltman
Join our Trading Community on Telegram

In Brief

  • Singapore Police warns of crypto drainer attacks involving phishing campaigns and a smart contract to access victims' funds.
  • The attack uses a Drainer-as-a-Service software kit, sometimes paid for in Bitcoin, making it difficult to trace the crypto.
  • The number of malicious drainer applications is increasing, with one Solana wallet drainer community boasting 6,200 members.
  • promo

The Singapore Police Force and crypto security companies have warned of a recent pattern of crypto wallet drainer attacks. The hackers use a sophisticated combination of phishing campaigns and a smart contract to gain access to victims’ crypto before draining them dry. 

The crypto scam has been perpetrated by Drainer-as-a-Service software peddled by more sophisticated actors.

How the New Crypto Wallet Drainer Scam Works

According to authorities in Singapore, the criminals first infiltrate a legitimate account on a platform such as X. They then entice users to click on a link directing them to a malicious website.

Hackers then get the user to connect their crypto wallet to the site and authenticate their account with private keys. Once they perform these tasks, the hacker asks the victim to interact with a smart contract under the pretext of claiming their free tokens. 

The interaction with the smart contract then gives hackers full access to the victim’s funds. The criminals then drain assets and send them to a crypto mixer, making them hard to trace. 

Read more: How To Identify a Scam Crypto Project

The attack involves the use of a sophisticated Drainer-as-a-Service software kit. In some cases, less-sophisticated attackers use these services in exchange for a portion of the criminal proceeds.

Sometimes, the sellers require payments in crypto assets like Bitcoin. By far, most bad actors still favor Bitcoin over other crypto assets as a payment method on the darknet, according to Chainalysis.

Crypto Security Companies Sound Alarm

Several crypto security firms say the number of malicious drainer applications is increasing. One community of Solana wallet drainers reportedly had 6,200 users as of earlier this month. CertiK and Blockaid have expressed concern about these thriving communities.

“These drainers are highly sophisticated and can deceive the simulations used by Solana wallets, leading users to unknowingly sign malicious transactions.”

crypto security companies crypto wallet drainer services
Examples of the Sales of Crypto Wallet Drainer Services | Source: CertiK

CertiK confirmed that funds lost to crypto scams in 2024 totaled $77 million. The CEO of Ripple Labs, Chris Larsen, confirmed that several of his crypto accounts had been compromised yesterday. 

Read more: Top 10 Must Have Cryptocurrency Security Tips

A recent attack affecting Ledger Connect Kit users used a supply chain method to compromise the wallet. In this type of attack, the hacker finds a weakness in one or more of a product’s components. 

In the case of Ledger, the attacker injected a malicious wallet drainer payload into the @ledgerhq/connect-kit NPM software component. This payload gave them access to all the decentralized applications the user linked to their wallet.

Another attack vector involves stealing a crypto user’s mobile number to gain access to crypto applications. In this attack, the criminal convinces mobile operators that they are real customers who must move their numbers to an alternative mobile SIM card. 

The operator then transfers the number from the legitimate holder to the criminal. Authorities recently charged a California man named Robert Powell with operating a SIM-swap ring that allegedly stole $400 million in crypto and fiat. 

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C...
READ FULL BIO
Sponsored
Sponsored