Singaporean investor loses over $100k to 'sophisticated' cryptocurrency phishing scam

A Singaporean man lost all his digital assets of at least $100,000 after being tricked into downloading a 'beta game launcher' which contained malware.

Phishing scam victim Mark Koh, 44, told Lianhe Zaobao on Monday (Dec 15) that he is an angel investor interested in Web3 — a term describing the next generation of the internet, one which is decentralised and blockchain-based.

Angel investors are individuals who support the funding of startups or entrepreneurs, typically in exchange for equity.

Koh explained that he had seen a Telegram message about a new project called "MetaToy" and got into contact with a user named "Shanni", who reportedly claimed to be co-founder of the "Meta team".

He said the user patiently answered his questions about the game project and did not pressure him.

"As someone who has evaluated countless Web3 projects, I believed I could identify scams, and this project looked legitimate," he told Zaobao.

The man subsequently downloaded a "game launcher" provided by "Shanni". Unknown to him at that time, he had downloaded malware targeting his crypto wallets.

According to Koh, his antivirus later detected malicious software, prompting him to run a full system scan and delete all suspicious files: "I thought I was safe."

He even reinstalled Windows 11, but a day later on Dec 12, scammers drained the e-wallets connected to his browser extension. He lodged a police report that same day.

In a LinkedIn article on Dec 15, Koh called the scam "sophisticated". Revealing that he had accrued the digital assets over eight years, he acknowledged that he is "privileged" to still be working a day job.

According to the police report posted in Koh's article, he is a business development manager.

He added that he is cofounder of a community named RektSurvivor, helping individuals who have lost crypto funds.

"The irony is not lost on me. I've spent years helping others navigate these situations, and now I'm one of them," he wrote.

"I already use redundant wallets, cold wallets, (multi-signatures), have 2FA on everything, strong passwords, a password manager, air gapped physical recovery phrases. So believe me, you can be a victim still."

Koh told the Chinese paper that he is sharing his story to remind the public to be vigilant and advised crypto users to remove from their browser extensions "hot wallets" that are connected to the internet.

The police confirmed to AsiaOne that a report was lodged and investigations are ongoing.

[[nid:725076]]

lim.kewei@asiaone.com