- Trending
- Comments
- Latest
A Singapore crypto entrepreneur lost more than 100k yuan after downloading what appeared to be a legitimate game beta test from Telegram, only to discover the software contained malware that drained his wallets within 24 hours.
The victim, Mark Koh, founder of crypto victim-support organization RektSurvivor, revealed the details in an interview with Chinese-language outlet Lianhe Zaobao and a LinkedIn post that has since drawn widespread attention across the Web3 community.
Game-testing scam tactics often rely on urgency and exclusivity, and this case followed that exact blueprint.
According to Koh, the attack began on Dec. 5, when he came across a beta testing opportunity for an online game called MetaToy on Telegram.
What made the Game-testing scam particularly convincing was its professional presentation.
The project featured a polished website, an active Discord server, and team members who responded promptly to questions.
“As someone who has invested in and evaluated multiple Web3 projects, nothing initially stood out as suspicious,” Koh said, explaining why his guard was down.
The Game-testing scam escalated the moment Koh downloaded MetaToy’s game launcher. Unknown to him, the installer silently uploaded malware onto his computer—designed specifically to target browser-based crypto wallets.
Although Norton antivirus flagged suspicious activity, Koh attempted to contain the threat by running full system scans, removing malicious registries, and reinstalling Windows 11.
Despite those defensive measures, the damage was already irreversible.
Within a single day, every software wallet connected to Koh’s Rabby and Phantom browser extensions had been emptied.
In total, the scam wiped out 14,189 USDT, worth roughly 100,000 yuan, representing crypto assets Koh had accumulated over eight years.
This attack appeared highly targeted, Koh warned, adding that angel investors, developers, and early-stage Web3 testers are especially vulnerable due to their frequent interaction with beta software.
Following the incident, Koh urged crypto users to rethink how they store sensitive wallet data.
He advised removing seed phrases from browser-based wallets when not actively in use and relying on private keys instead, reducing exposure across derivative wallets.
The fraud has since been reported to Singapore police, which confirmed to Lianhe Zaobao that a formal report has been received.
The MetaToy Game-testing scam is not an isolated case. It arrives amid a broader surge in malware campaigns targeting crypto users worldwide.
In October, cybersecurity firm McAfee warned that hackers were abusing GitHub repositories to keep banking malware connected to fresh command-and-control servers.
This year has also seen fake AI tools, malicious Captchas, and compromised Ethereum code extensions used to distribute crypto-stealing malware—often masquerading as legitimate developer utilities.
Beyond malware, phishing attacks continue to devastate investors. In August, a crypto investor lost $3.05 million in USDT after unknowingly signing a malicious blockchain transaction, according to blockchain analytics platform Lookonchain.
The attacker exploited a common user habit: verifying only the first and last characters of a wallet address while ignoring the middle.
According to CertiK’s latest security report, crypto investors lost over $2.2 billion to hacks, scams, and breaches in the first half of 2025 alone.
Wallet compromises accounted for $1.7 billion across just 34 incidents, while phishing scams caused more than $410 million in losses across 132 attacks.
The MetaToy incident underscores a sobering reality: Game-testing scam operations are evolving faster than user defenses.
As attackers blend polished branding with weaponized software, even experienced crypto veterans are at risk.
In today’s threat landscape, skepticism—not excitement—may be the most valuable asset Web3 users can hold.
