Report Cites Escalating Crypto Use by Pro-ISIS Groups

The Singapore Police Force (SPF) and the Cyber Security Agency of Singapore (CSA) have jointly issued an advisory to raise awareness about the escalating use of cryptocurrency drainers in cyberattacks. The advisory aims to inform citizens about the threat and provide recommendations to protect against such attacks, with a specific emphasis on utilizing hardware wallets for enhanced security. Cryptocurrency drainers represent a form of malware that specifically targets crypto wallets. These malicious tools are often employed in phishing attacks to illicitly extract funds from users' wallets without proper authorization.Photo by Junrui Wu on UnsplashDrainer-as-a-service threatOf particular concern are commercial crypto draining kits, which empower less experienced cyber-criminals with sophisticated malware at no upfront costs. Operating on a drainer-as-a-service (DaaS) model, attackers share a predetermined percentage of the stolen funds with the service provider. The SPF and CSA underscored that crypto-drainer-related attacks typically originate from phishing campaigns. These campaigns commonly involve infiltrating verified social media accounts or dispatching fraudulent emails to users from compromised databases of major service providers. Unsuspecting victims who click on phishing links are redirected to counterfeit trading websites that prompt them to connect their Web3 wallets. Subsequently, a malicious smart contract is injected into the victim's system, enabling hackers to withdraw funds without additional authorization. MS Drainer and Inferno DrainerWhile no such attacks have been reported in Singapore to date specifically, the advisory acknowledges the rising recognition of this threat among hackers. Notably, an off-the-shelf crypto drainer called MS Drainer contributed to hackers stealing $59 million worth of cryptocurrency in 2023. Last month, Singapore-based cyber security firm Group-IB produced a report concerning the Inferno Drainer operation. According to the company’s research, the malware operation led to the theft of $80 million in digital assets globally, until the developers behind it shut it down last November. In December, the Pink Drainer hacking group notched up another victim, to the tune of $4.4 million in LINK tokens. Last week blockchain security firm Scam Sniffer reported that $10 million in digital assets had been stolen in phishing-related incidents over the course of just five days. Hardware walletsTo counteract these threats, Singapore authorities recommend the use of hardware wallets as a security measure against wallet drainer attacks. Additionally, the advisory instructs crypto investors to conduct thorough research before engaging with cryptocurrency services or platforms. Singaporeans are encouraged to report any suspicious incidents related to crypto drainers or phishing attacks to both relevant authorities and crypto service providers. In the event of a security breach, victims are urged to revoke any suspicious token approvals and promptly transfer their remaining funds to a different, secure wallet address to prevent further losses. This proactive approach aims to empower individuals with the knowledge and tools needed to navigate the risks associated with crypto drainers and foster cybersecurity awareness within the cryptocurrency ecosystem. As the threat landscape evolves relative to digital assets, this advisory serves as a valuable resource to educate citizens about the risks posed by crypto drainers.  

Legal Process Continues Following Crypto.com Transfer MishapJatinder Singh, a customer of Singapore-headquartered Crypto.com is expected to face a plea trial next month in the wake of an errant transfer that occurred on the platform over two years ago.In 2021, Crypto.com inadvertently transferred over $10 million into Thevamanogari Manivel’s Commonwealth Bank account in Australia. Remarkably, this substantial error went unnoticed by Crypto.com for seven months until it was uncovered during an audit.Photo by Tingey Injury Law Firm on Unsplash18-month sentenceManivel, a 41-year-old disability support worker, was arrested at Melbourne airport while attempting to board a plane to Malaysia in March 2022. She was holding a one-way ticket and nearly $11,000 in cash. Her recent sentencing, following her guilty plea for recklessly dealing with the proceeds of the crime, has garnered significant attention.The court imposed an 18-month community corrections order, including six months of intensive compliance and unpaid community work. This punishment was in addition to the 209 days Manivel had already spent in custody.Embarrassing errorCrypto.com’s multimillion-dollar mistake made headlines globally when it came to light during legal proceedings aimed at freezing Manivel’s assets. This incident occurred during a period of heightened uncertainty in the cryptocurrency market, mere months before the highly publicized collapse of rival FTX.In 2018, Manivel met Jatinder Singh, who became her partner and shared her interest in cryptocurrency investments. Singh attempted to make a payment using Manivel’s bank account on Crypto.com but encountered a rejection due to a name mismatch. A processing error, however, led to a massive transfer of $10.47 million into Manivel’s account.Realizing the overpayment, Singh advised Manivel to move the funds to a joint Westpac account. Between the transfer and Manivel’s arrest, the money was used to purchase four houses, vehicles, art, and furniture, and $4 million was sent to an overseas account.Crypto.com discovered the error during an audit in December 2021 and initiated efforts to reclaim the funds from Commonwealth Bank. In January 2022, the bank contacted Manivel multiple times, seeking the return of the money. Manivel, initially regarding these communications as scam attempts, remained unaware of the gravity of the situation. She later informed the police that Singh had claimed to win the money in a Crypto.com competition.Theft chargesWith Manivel having been dealt with by the courts, attention now turns to Singh, who faces charges of theft and is scheduled for a plea hearing on October 23.In response to this incident, Crypto.com highlighted its commitment to enhancing internal processes to ensure security and compliance in financial services. This includes updates to their refund and withdrawal systems to prevent such occurrences in the future.The wayward transfer may have left Crypto.com with egg on its face, but the firm has been redeeming itself via other endeavors, including the roll-out of the use of AI on its platform. On the regulatory front, the company has been working diligently towards compliance in the Spanish market, having already acquired trading licenses in Dubai and its home market of Singapore.This case serves as a cautionary tale of the unexpected consequences that can arise in crypto. Such elementary mistakes will not provide confidence to service users. The saga lays down a marker for a need for greater professionalism in the sector.

Bitcoin mining company Bitdeer Technologies Group is finally set to go public on the Nasdaq this Friday after a series of delays. The Singapore-based firm, which offers cloud mining services, has been in a special purpose acquisition company (SPAC) merger process with Blue Safari Group. Drawn-out merger processBlue Safari Group filed for three extensions within six months last year, the last extension being a year long. The deal was originally expected to close in November 2021. The stopping block for the latest extension was insufficient time to get shareholder approval. However, Bitdeer Technologies Group revealed in a statement that shareholder approval has now been filed with the SEC.The merger was finally approved at an extraordinary general meeting of Blue Safari’s shareholders on April 11. The results of the vote will be included in a current report on Form 8-K to be filed by Blue Safari with the SEC. The deal is expected to close on April 13, 2023. Upon closing, Bitdeer Technologies Group will remain as the combined company, and its shares will begin trading on the Nasdaq under the ticker symbol “BTDR” on April 14.Bitdeer CEO Linghui Kong said, “Today marks a significant milestone for Bitdeer, leaving us poised to list on the Nasdaq and equipped to seize the growth opportunities ahead of us. I am incredibly proud of what we have achieved so far and look forward to embarking on the next chapter of our journey.” The firm operates six mining data centers globally, with an aggregate electricity capacity of 775MW at the end of 2022. Surviving crypto winterBitdeer Technologies Group, backed by Bitmain founder Jihan Wu, offers cloud mining services, and is participating in a market that has been impacted by market volatility. However, miners that have survived are doubling down on expansion efforts. Yesterday, for example, the U.S. mining firm CleanSpark announced the purchase of 45,000 new mining machines for $144.9 million.Bitdeer will be part of a growing list of Bitcoin mining firms listed on Nasdaq, joining the likes of Riot Blockchain, Marathon Digital, and Canaan. Green miningRecently, the cryptocurrency mining industry has witnessed significant growth in green mining efforts. Terawulf, a US-based company, recently announced that its nuclear-powered mining facility, Nautilus, will come online soon. When fully operational, Nautilus is expected to have a hash rate of 1.6 exahashes per second (EH/s). The facility will run on nuclear power, which will significantly reduce the carbon footprint of the mining operations.The energy-use of crypto mining has been coming under scrutiny relative to its carbon footprint and the demands it places on the power grid. In what many in the crypto space have called a “hit piece” targeting mining, the New York Times took aim at the industry on Monday. Bitdeer took to Twitter to call out false claims made by the publication relative to its use of energy during a 2021 winter storm.Bitdeer’s journey to becoming a publicly-traded company has been fraught with delays, but with shareholder approval in place, the company is ready to enter the public markets.