SINGAPORE – Be careful if you come across online advertisements on cryptocurrency-related issues – including investment opportunities – and blockchain-related job postings.
They could be scammers looking to break into your digital wallet and siphon funds from them. People have been losing money from such ruses recently, the police and Cyber Security Agency of Singapore (CSA) said on Feb 5.
The Straits Times has contacted the police for more information on the amounts lost by the victims.
In the first scam variant, victims encounter cryptocurrency investment opportunities on social media platforms, or in advertisements posted by the scammers posing as cryptocurrency influencers, said the authorities.
The victims are directed to a Telegram channel that features the latest cryptocurrency news via a link.
They are led to believe that they need to pass a Completely Automated Public Turing test (Captcha) verification to join the channel.
Captchas are used online to distinguish between human users and automated ones, such as bots.
As the victims struggle to complete the Captcha, a message box appears with instructions to enter a command to bypass the verification.
Victims are led to believe that they need to pass a Captcha verification to join the Telegram channel. PHOTO: SINGAPORE POLICE FORCE
However, the command is actually a malicious code to compromise the victim’s cryptocurrency wallet.
In another variant, victims either respond to fake advertisements or click on links related to decentralised finance (DeFi) platforms based on internet searches.
DeFi is a form of finance that exists on blockchains, which are digital ledgers of transactions maintained by a global network of individual computers.
These links include paid advertisements that redirected users to phishing sites, where they are deceived into connecting to their cryptocurrency wallet.
The site then executes a hidden smart contract, which transfers victims’ funds out of the wallet.
Another type of ruse involves victims being lured by scammers through job offers on LinkedIn messages or e-mails about blockchain-related work opportunities.
In some cases, they are asked to download files on the pretext of testing their skills, or via fake interview meeting links.
The files contain a malicious code that targets browser extension data and wallet details.
This results in monetary losses from victims’ cryptocurrency wallets.
The police and CSA advise people to store their cryptocurrencies offline, through hardware wallets, for example, as they are less vulnerable to online attacks.
They should also use a strong password, enable two-factor authentication, and monitor and review their accounts regularly.
If you are or suspect that you are a victim of a cryptocurrency-related crime, you should contact your cryptocurrency exchange to halt further transactions or freeze your account.
If a wallet’s seed phrase is compromised, transfer all remaining cryptocurrencies in the compromised wallet to another wallet immediately.
A seed phrase is a sequence of 12 to 24 random words that stores the data required to access or recover cryptocurrency.
They can also report the incident to police and report any fraudulent cryptocurrency phishing websites to CSA’s SingCert at singcert@csa.gov.sg.
• Sherlyn Sim is a journalist at The Straits Times who covers breaking news and current events.
Join ST’s WhatsApp Channel and get the latest news and must-reads.
