Skip to main
Toggle notifications



    1800 255 0000
  • I-Witness

Joint Advisory By Singapore Police Force And The Cyber Security Agency Of Singapore


Cybercriminals are increasingly leveraging crypto drainers to target owners of cryptocurrency wallets (“crypto wallets”) as the use of cryptocurrencies become increasingly popular with their dollar values correspondingly increasing. 

A Crypto drainer is a type of malware that targets crypto wallets. These drainers are often deployed as part of phishing attacks, where the victim is tricked into clicking  a malicious link or opening a malicious attachment. By doing so, the victims are tricked into consenting to a malicious transaction that allows the drainer to steal cryptocurrencies stored in their wallets.

How Scammers Make Use of Crypto Drainers to Facilitate Cryptocurrency Theft

While such cases have not been observed in Singapore, members of the public should remain alert to such cyber attacks that are happening globally.

There are cybercriminal groups that develop “commercial” crypto draining kits and provide services to other cybercriminals with limited technical expertise based upon a Drainer-as-a-Service (DaaS) model. Under this model, a percentage of the stolen amount are charged by these groups in exchange for the provision of wallet draining scripts, phishing kits, instruction sets etc. 

The modus operandi of these crypto drainers can be distilled into the   
following steps:

  1. Launch a Phishing Campaign: Cybercriminals will promote a fake crypto airdrop1 by publicising the campaign through social media platforms or emails. These cybercriminals have also been observed to compromise verified X (formerly known as Twitter) accounts to increase the reach and credibility  of their campaigns. 

  2. Direct Victims to a Phishing Website: A phishing link will then be provided to direct unsuspecting victims attempting to claim the allegedly free tokens to a phishing website that resembles a token distribution platform. The website will prompt them to provide their crypto wallet details to receive the tokens.

  3. Wallet Connection: When unsuspecting victims connect their crypto wallets to the website, they will be requested to authenticate their accounts using their private keys or seed phrases2. Once a connection has been established with their crypto wallets, the foundation is now laid for cybercriminals to begin exfiltrating cryptocurrencies out from the victims’ wallets. 

  4. Malicious Smart Contract Interaction: The victims will then be induced to interact with a malicious smart contract3 under the pretext that it is a necessary step to claim the airdrop or incentives. However, the contract contains embedded malicious functionalities such as manipulating ‘approve’ or ‘permit’ allowances for cybercriminals. Once executed, it enables cybercriminals to drain the victims’ cryptocurrency wallet without further interactions (or authorisations) required from the victims. 

  5. Asset Transfer and Obfuscation: Upon successfully infiltrating and attaining the necessary controls over the victims’ crypto wallet, cybercriminals will begin to swiftly drain the wallet. The cybercriminals will also leverage sophisticated techniques such as cryptocurrency mixers or orchestrate a series of transfers to obfuscate the stolen assets trails, making it difficult to trace and attempt recoveries.

Safeguarding Yourself from Crypto Drainers

Despite the sophistication and possible scale of crypto drainer-related campaigns, there are measures that owners of crypto wallets can take to safeguard themselves from such scams.
These measures (non-exhaustive) include:

  1. Using a hardware wallet for enhanced security.

  2. Being wary of attractive offers such as free crypto airdrops that appear too good to be true.

  3. Verifying the legitimacy and functions of smart contracts before interacting with them.

  4. Limiting the use of high allowances and regularly reviewing and revoking them by using blockchain explorers or wallet interfaces.

  5. Understanding the implications of approving or signing transactions before doing so.

  6. Researching the background/history of a project or cryptocurrency before connecting your wallet and ensuring that any connections are performed after verifying the validity of the website.

  7. Connecting a newly created or empty crypto wallet when uncertain about a project or token.

  8. Not divulging seed phrases3 to anyone.

What to do if you fall Victim to a Crypto Scam

If you are, or suspect that you are, a victim of a crypto scam involving crypto drainers or otherwise, you are advised to perform the following immediately:

  1. Contact your cryptocurrency exchange immediately to halt further transactions or freeze your account, if possible.

  2. Report the incident to the police and CSA’s SingCERT.  

  3. Review and revoke any suspicious token approvals using applicable wallet interfaces.

  4. If a wallet’s seed phrase is compromised, transfer all remaining cryptocurrencies in the compromised wallet to another wallet immediately.



31 January 2024 @ 9:00 AM
Hover to toggle social media icons SHARE
Hover to toggle social media icons SHARE