The Singapore Police Force (SPF) and Cyber Security Agency of Singapore (CSA) would like to alert members of the public to recent scam variants that led to monetary losses from cryptocurrency assets through phishing links/websites and keying of unknown commands.
In one of the variants, victims would come across cryptocurrency investment opportunities on social media platforms or advertisements placed by scammers impersonating cryptocurrency influencers. They would be directed to a Telegram channel with the latest cryptocurrency news via a link (refer to Annex A). Victims were led to believe that they need to pass a CAPTCHA [1] verification to join the channel. As they would encounter difficulties in completing the CAPTCHA, a message box would appear with instructions to enter a PowerShell command, to bypass the verification. However, the PowerShell command was actually a malicious code to compromise the victim's cryptocurrency wallet.
In another variant, victims would either respond to fake advertisements or click on links pertaining to decentralised finance (DeFi) platforms based on internet searches. These links include paid advertisements that redirect users to phishing sites, where they were deceived into connecting their cryptocurrency wallet. Thereafter, the site would execute a hidden smart contract that transferred victims’ funds out from the wallet.
Lastly, another type of scam variant involved victims being lured through job offers via LinkedIn messages or emails on blockchain related work opportunities. In some cases, victims would be asked to download malicious files, under the guise of evaluating their work proficiency or via fake interview meeting links. These files contained a malicious code that target browser extension data and wallet details, resulting in monetary losses from their cryptocurrency wallets.
SPF and CSA would like to advise cryptocurrency users to adopt the following precautionary measures:
- Use Secure Wallets: You should use secure wallets such as hardware wallets to store your cryptocurrencies offline as they are less vulnerable to online attacks. If you are required to perform frequent cryptocurrency transactions, use software wallets from reputable exchanges and ensure that they are updated with the latest security patches. You are advised to enable automatic updates, if available, or regularly check the exchange platform for new updates and install them immediately when available.
- Use Strong Passwords and Enable Two-Factor Authentication (2FA): You should set strong passwords for your wallets and online accounts. Do not share your private keys, recovery or seed phrases with anyone, and store them in physical form at a secure location. Always enable 2FA for cryptocurrency exchange accounts, wallets, and other related services.
- Monitor and Review Your Accounts Regularly: Regularly check your wallets and accounts for unauthorised transactions. Enable account activity notifications if it is available on the platform. Regularly review and revoke the use of high allowances by using blockchain explorers or wallet interfaces.
- Beware of Phishing Attempts: Avoid running unknown commands, especially from unfamiliar sources, clicking on unsolicited links or downloading attachments from unknown sources. Always verify the links with official sources to ensure you are accessing legitimate cryptocurrency platforms. Be cautious of cryptocurrency opportunities that require upfront cryptocurrency payments, or sound too good to be true. If in doubt, avoid sharing the content with others and verify the information with trusted sources.
- Stay Updated and Informed: Keep up to date with the latest security threats and best practices in cryptocurrency security through official and trusted sources.
If you are or suspect that you are a victim of cryptocurrency related crimes, you are advised to perform the following immediately:
- Contact your cryptocurrency exchange to halt further transactions or freeze your account, if possible.
- Review and revoke any suspicious token approvals using applicable wallet interfaces.
- If a wallet’s seed phrase is compromised, transfer all remaining cryptocurrencies in the compromised wallet to another wallet immediately.
- Report the incident to the Police. You may also report any fraudulent cryptocurrency phishing websites to CSA’s SingCERT at singcert@csa.gov.sg or via the incident reporting form at https://www.csa.gov.sg/singcert/reporting.
If you have any information relating to such crimes or if you are in doubt, please call the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/i-witness. All information will be kept strictly confidential. If you require urgent Police assistance, please dial ‘999’. If you are unsure if something is a scam, call the 24/7 ScamShield Helpline at 1799 or download the ScamShield app to check, detect and block scams. For more information on scams, visit www.scamshield.gov.sg.
[1] CAPTCHA – Completely Automated Public Turing Test to tell Computers and Humans Apart, designed to determine if an online user is a human and not a bot.
Annex A
Screenshots of phishing link
Screenshot of Telegram chat
CYBER SECURITY AGENCY OF SINGAPORE
05 February 2025 @ 6:01 PM