Singapore entrepreneur loses over $14,000 in crypto to fake game malware

A Singapore-based entrepreneur has lost more than $14,000 in crypto after falling victim to malware disguised as a beta game-testing opportunity. The victim, Mark Koh, is the founder of scam victim-support group RektSurvivor.

On December 5, Koh encountered a Telegram post promoting beta access to an online game called MetaToy. Convinced by the project’s professional-looking website, Discord server, and responsive team, he downloaded the game launcher.

The launcher instead installed malware on his computer. Despite antivirus warnings, full system scans, file deletions, and even a fresh installation of Windows 11, all software wallets connected to his Rabby and Phantom browser extensions were drained within 24 hours.

Koh lost a total of $14,189 in crypto accumulated over eight years. He said he never logged into his wallets and kept seed phrases offline and separate.

He believes the attack likely combined authentication token theft with a Chrome zero-day vulnerability, using multiple attack vectors. Koh urged investors and developers to remove seeds from browser wallets when not in use and consider using private keys to reduce cascading risk.

The case has been reported to Singapore police, and at least one other local victim has come forward in connection with the MetaToy exploit.