Singapore Investor Loses Entire Crypto Portfolio to Game Malware
CMC Crypto News

The attack drained $14,189 across separate wallets with different seed phrases that were not saved digitally.

Crypto Hack News

A Singapore entrepreneur lost his entire cryptocurrency portfolio after downloading malware disguised as a beta testing opportunity for an online game called MetaToy. Mark Koh, founder of victim-support organization RektSurvivor, detailed the Dec. 5 incident that drained eight years of accumulated assets.

Koh discovered the MetaToy beta testing opportunity through Telegram channels. The professional appearance of the project's website and Discord server, combined with responsive team members, convinced him the game was legitimate.

His Norton antivirus flagged suspicious activity after he downloaded the game launcher. In response to the warnings, Koh ran full system scans, deleted suspicious files and registry entries, and reinstalled Windows 11.

Every software wallet connected to his Rabby and Phantom browser extensions was emptied within 24 hours despite the security measures. The attack drained $14,189 across separate wallets with different seed phrases that were not saved digitally.

The exploit likely combined authentication token theft with a Google Chrome zero-day vulnerability discovered in September. The vulnerability enables malicious code execution even when browser wallets remain closed.

Norton antivirus blocked two dynamic link library (DLL) hijack attempts, indicating the malware used multiple attack vectors. The exploit also implanted a malicious scheduled process that survived the initial cleanup efforts.

Koh advised angel investors and developers who download beta launchers to remove seeds from browser-based hot wallets when not in use. Using private keys instead of seed phrases limits the exposure of wallets derived from the same seed.

Singapore police confirmed they received a report about the fraud. Another victim contacted by RektSurvivor remained in communication with the scammer, who believed the second target was still attempting to download the game launcher.

Cybercriminals have deployed increasingly sophisticated techniques throughout the year. Hackers have used GitHub repositories, fake AI tools, malicious Captchas, and compromised code extensions to distribute crypto-stealing malware.
