Landing page banner

The Police would like to remind members of the public to be vigilant against phishing scams involving spoofed SMSes and emails, where scammers impersonate cryptocurrency platforms such as Coinhako, to deceive victims into relinquishing control of their accounts. Since 11 October 2025, there were at least 15 cases reported, with total losses amounting to at least $51,000.

In these cases, victims would receive either SMSes, iMessages or emails informing them of suspicious new logins to their cryptocurrency account. Victims would then be asked to review the logins by clicking on phishing link in the message, which would redirect victims to a fake login page. Upon entering their login details, the victims would be asked to regenerate a deposit wallet key and cancel a withdrawal request. This allows scammers to gain access to victim’s account to conduct funds transfers.
 
Victims would realise that they had been scammed when they receive legitimate email notifications from the cryptocurrency platforms about unauthorised logins and their cryptocurrency have been transferred out from their accounts. Victims could also be asked to call a phone number received via SMS, and the scammers would guide the victims leading to the compromise of their cryptocurrency account.

The Police would also like to advise users of cryptocurrency platforms to adopt the following precautionary measures:

1. ADD – Add the ScamShield app to block scam calls and filter scam messages. Set security features e.g. set up transaction limits for internet banking transactions, enable Two-Factor Authentication (2FA) as well as Multi-Factor Authentication (MFA) for banks and e-wallets to provide an additional layer of security to your online accounts. Check if your cryptocurrency platform offers a self-service kill switch that would allow you to promptly block any access to your account. Apply such features to immediately block access to your account upon discovering any unauthorised access. Also, users may setup an anti-phishing code which is a personalized code that serves as a reliable way of verifying the authenticity of the information by appearing in messages or emails. 
   
   
2. CHECK – Check the authenticity of the message/link with the cryptocurrency platforms or via the ScamShield app or live-chat feature on the ScamShield website (www.scamshield.gov.sg). Always verify that you are logged into the official website of your cryptocurrency platform before providing any 2FA access code. Regularly monitor your wallets and accounts for unauthorised transactions by enabling account activity notifications if it is available on the platform. In addition, cryptocurrency platform users should regularly review and cancel high spending limits through blockchain explorers or wallet interfaces. 
   
   
3. TELL – Tell the authorities, family, and friends if or when you encounter scams. If you suspect that you have fallen victim to a scam, call your bank immediately to block any fraudulent transactions and make a police report.

If you are or suspect that you are a victim of cryptocurrency related crimes, you are advised to perform the following immediately:

1. Contact your cryptocurrency platform to halt further transactions or freeze your account.
   
   
2. Review and revoke any suspicious token approvals using applicable wallet interfaces.
   
   
3. If a wallet’s seed phrase is compromised, transfer all remaining cryptocurrencies in the compromised wallet to another wallet immediately. Generally, never share your seed phrase with anyone.
   
   
4. Report the incident to the Police. You may also report any fraudulent cryptocurrency phishing websites to CSA’s SingCERT at singcert@csa.gov.sg or via the incident reporting form at https://www.csa.gov.sg/singcert/reporting.

If you are in doubt, call the 24/7 ScamShield Helpline at 1799 to check. For more information on scams, members of the public can visit www.scamshield.gov.sg. Fighting scams is a community effort. Together, we can ACT Against Scams to safeguard our community!