SCAMSSECURITY

Singapore authorities warn of increasing phishing threats: Users must carefully verify the contents before signing smart contracts.

share
Singapore authorities warn of increasing phishing threats: Users must carefully verify the contents before signing smart contracts.

The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have jointly issued a public advisory, warning cryptocurrency traders to be cautious of the risk of digital wallets being hacked. They mentioned that with the increasing prevalence of malicious activities using phishing tools, users still need to take relevant precautions to prevent such incidents.

Singapore Authorities Warn of Rising Phishing Threats

According to a joint advisory released by Singapore authorities on the 31st, incidents of cybercriminals using phishing tools to steal cryptocurrencies from digital wallets are on the rise.

The advisory outlines the operation and business model of phishing tools, noting the increasing popularity of services like DaaS (Drain-as-a-Service) among criminals, often promoted through email or by well-known Key Opinion Leaders (KOLs) on social media.

"Can't click wallet verification links? ZachXBT: Multiple cryptocurrency team official emails hacked, over $600,000 stolen"

Reportedly, phishing tool developers offer various services, allowing criminals to purchase token-stealing code and modules, distribute phishing site links with the mentioned code to steal user assets.

On the other hand, criminals can outsource the entire process to the team, from creating counterfeit websites, marketing, to distributing phishing links, and receive a share of the stolen amount based on the final theft.

Singapore authorities commented:

Although no specific cases have been reported in Singapore, the public should remain vigilant against such cyberattacks happening globally.

Security Recommendations from Authorities

Furthermore, the advisory strongly recommends cryptocurrency investors to take the following security measures to prevent phishing attacks:

  1. Use a cold wallet
  2. Safeguard mnemonic phrases
  3. Beware of high-return investment strategies and airdrop links
  4. Verify the security of smart contracts before interacting
  5. Double-check contract content before signing
  6. Regularly review and revoke approval for unused contracts in wallets
  7. Interact with unfamiliar contracts using less funds or a new wallet

In other words, this public consultation indicates that government authorities have noticed a significant increase in phishing incidents. For Singapore, which has recently focused on cryptocurrency regulation, laws and preventive measures related to investor protection against crypto phishing and theft may be widely discussed and even formulated soon.

Evolving Phishing Services and Tools

Additionally, cybersecurity team Scam Sniffer recently pointed out that in the past week, 4 victims have been scammed out of over $10 million through a new type of phishing attack using the Create 2 function, involving various token types including LP tokens, staked tokens, or NFTs.

Reportedly, the Create 2 function written in smart contracts can be used to modify contract content when combined with other functions. Criminals bypass certain wallet security warnings by generating new addresses for each malicious signature.

In 2023, phishing products such as Pink, Pussy, Venom, and the now-defunct Monkey and Inferno Drainer emerged in large numbers, resulting in an unprecedented peak in phishing cases and losses, estimated to have stolen over $162 million that year.

Earned over 80 million euros! Phishing tool Inferno Drainer announces closure: Nothing lasts forever

Now, a new phishing tool, Wallet Drainer, has resurfaced, having stolen nearly $59 million from over 60,000 victims in the past 9 months, with fraudulent ads even spreading across Google and Twitter, now known as X.