Singapore Entrepreneur Loses Entire Crypto Portfolio After Downloading Fake Game
Singapore entrepreneur Mark Koh lost $14,189 in cryptocurrency after falling for a scam involving a fake online game, MetaToy, encountered through a beta testing offer on Telegram. Despite Koh’s experience with Web3 projects and reassurances from MetaToy’s professional-looking website and responsive team, downloading the game’s launcher installed malware on his computer. His antivirus detected and attempted to block suspicious activity, but within a day, all his browser-linked crypto wallets were emptied. Koh suspects the attackers used both authentication token theft and a Chrome zero-day vulnerability, employing multiple attack vectors, including DLL hijacking and scheduled malicious processes. Koh advises extra precautions for investors and developers, such as removing wallet seeds from browsers and using private keys instead of seed phrases. Singapore police have received his report. Another Singaporean victim has also been identified. The incident highlights growing sophistication in crypto-related cyberattacks, echoing recent trends like banking malware distributed through GitHub, fake AI tools, and malicious updates targeting crypto holders.
