A cautionary tale for crypto enthusiasts just landed from Singapore. Mark Koh, a seasoned entrepreneur and founder of the victim-support group RektSurvivor, lost his entire cryptocurrency portfolio after downloading malware disguised as a beta testing opportunity for an online game called MetaToy.
The incident, which occurred on December 5, wiped out eight years of accumulated crypto assets.
Koh first discovered the MetaToy beta through Telegram channels. The project appeared highly professional, with a convincing website, an active Discord server, and responsive team members. Everything seemed legitimate.
The first warning came when Norton antivirus flagged suspicious activity after he downloaded the game launcher. Koh immediately ran full system scans, deleted questionable files and registry entries, and even reinstalled Windows 11. Despite these efforts, every software wallet connected to his Rabby and Phantom browser extensions was emptied within 24 hours.
The attack drained $14,189 across multiple wallets, each protected with separate seed phrases that were never digitally stored.
Experts believe the exploit combined authentication token theft with a Google Chrome zero-day vulnerability discovered in September. This vulnerability allows malicious code to execute even when browser wallets are closed. Norton antivirus blocked multiple dynamic link library (DLL) hijacking attempts, signaling that the malware used multiple attack vectors.
The malware also installed a malicious scheduled process that survived Koh’s cleanup efforts.
Koh is now urging crypto investors and developers who download beta launchers to remove seeds from browser-based hot wallets when they are not in use. He also recommends relying on private keys instead of seed phrases, so that a compromise does not expose the other wallets derived from the same seed.
Singapore police have confirmed they received a report about the fraud. Another victim reached out to RektSurvivor while still communicating with the scammer, highlighting the persistent and sophisticated nature of these attacks.
Cybercriminals are constantly evolving their tactics. This year alone, hackers have leveraged GitHub repositories, fake AI tools, malicious Captchas, and compromised code extensions to deploy crypto-stealing malware. For anyone in crypto, vigilance and proactive security measures are no longer optional—they are essential.






