Singaporean investor loses cryptocurrency after installing a game

Key points:

• Singaporean business angel Mark Koh lost about $14 000 in cryptocurrency after his computer was infected with malware disguised as a game.
• The attack allowed the attacker to access wallet data and withdraw funds a day after the incident.
• The investor filed a report with the police and warned the community about the risks, even when projects appear to be secure.

Singaporean business angel and crypto investor Mark Koh lost a significant portion of his digital assets after his computer was infected with malware disguised as a video game. According to him, the attackers stole about $14 189 (approximately 100 000 yuan) worth of cryptocurrency, which he had accumulated over eight years.

The entrepreneur recounted the incident in a LinkedIn post, which was picked up by the Lianhe Zaobao newspaper. Koh emphasized that the loss of funds was not related to classic crypto fraud or connecting his wallet to a suspicious dApp. Since he started working with Web3 in 2017, he claims he has never left his wallet open and has adhered to strict security measures.

A harmful game and a fatal installation

The investor reported that he found an announcement on Telegram about beta testing for the MetaJoy gaming project. The campaign looked convincing: the project had a professionally designed website, an active community on Discord, and detailed documentation on GitBook. Koh also communicated with a team representative who introduced himself as the project’s co-founder, who answered questions in detail, and did not rush into decisions.

Confidence in his own experience played a cruel joke on the investor. Despite many years of working with Web3 projects and participating in the development of the Polygon and BSC ecosystems, he downloaded the game launcher for testing. According to him, the malicious code was activated immediately after the installer was launched and gained access to the system.

Koh noted that the antivirus detected suspicious activity, after which he tried to eliminate the threat himself: he deleted the files, checked the registry, enabled additional protection mechanisms, and even reinstalled Windows 11. However, as it turned out later, these measures were too late.

A day after the incident, all crypto wallets connected to the Rabby and Phantom browser extensions were completely emptied. The losses affected not only the main wallet but also all other storage locations. Koh said:

“The malware had already exfiltrated my encrypted wallet data before I even knew anything was wrong. All my cleanup efforts were already too late. The attacker waited patiently, decoded what they needed, and executed the theft when I thought the danger had passed.”

The entrepreneur filed a report with the Singapore police on December 12 and is awaiting feedback from law enforcement. He believes the attack involved the theft of credentials at the operating system level. He also noted the irony of the situation: Koh had long advocated for storing assets independently, outside of centralized exchanges, but it was precisely this approach that ultimately resulted in serious losses for him.