Beware of TradingView YouTube channels giving false instructions that can steal crypto wallet
The police are warning members of the public about a fake TradingView YouTube channel.
The channel deceives users into executing malicious scripts as part of its instructions for the installation of the TradingView application, resulting in cryptocurrency wallets being compromised.
TradingView is a legitimate online platform used to chart and analyse financial markets, including stocks, forex and cryptocurrencies. It is downloadable as a desktop and mobile application via its official website.
Victims came across videos from the fake channel with instructions to install a purportedly official TradingView application.
As part of the installation process, victims were directed to download and execute Windows PowerShell scripts.
However, the PowerShell command was a malicious code that compromised the victims' cryptocurrency wallets.
Although the download appeared unsuccessful, a remote access trojan (RAT) was actually installed onto the victims' devices upon running the command.
This allowed scammers to access the victims' devices, resulting in the compromise of their cryptocurrency wallets.
Members of the public are advised to adopt the following precautionary measures to protect themselves:
a)Beware of fake/phishing websites: Avoid running unknown commands, especially from unfamiliar sources, clicking on unsolicited links or downloading attachments from unknown sources. Always verify the links with official sources to ensure you are accessing legitimate cryptocurrency platforms and only download applications from official platforms (e.g. TradingView's website and mobile apps from the official Apple app store or Google Play store). Be wary of fake social media accounts that impersonate official channels and of cryptocurrency opportunities that require upfront cryptocurrency payments, or sound too good to be true. If in doubt, avoid sharing the content with others and verify the information with trusted sources.
b) Use secure wallets: You should use secure wallets such as hardware wallets to store your cryptocurrencies offline as they are less vulnerable to online attacks. If you are required to perform frequent cryptocurrency transactions, use software wallets from reputable exchanges and ensure that they are updated with the latest security patches. You are advised to enable automatic updates, if available, or regularly check the exchange platform for new updates and install them immediately when available.
c) Use strong passwords and enable two-factor authentication (2FA): You should set strong passwords for your wallets and online accounts. Do not share your private keys, recovery or seed phrases with anyone, and store them in physical form in a secure location. Always enable 2FA for cryptocurrency exchange accounts, wallets, and other related services.
d) Monitor and review your accounts regularly: Regularly check your wallets and accounts for unauthorised transactions. Enable account activity notifications if they are available on the platform. Regularly review and revoke the use of high allowances by using blockchain explorers or wallet interfaces.
e) Stay updated and informed: Keep up to date with the latest security threats and best practices in cryptocurrency security through official and trusted sources.
If you are or suspect that you are a victim of cryptocurrency-related crimes, you are advised to do the following immediately:
a) Contact your cryptocurrency exchange to halt further transactions or freeze your account, if possible.
b) Review and revoke any suspicious token approvals using applicable wallet interfaces.
c) If a wallet's seed phrase is compromised, transfer all remaining cryptocurrencies in the compromised wallet to another wallet immediately.
d) Report the incident to the police. You may also report any fraudulent cryptocurrency phishing websites to the Cyber Security Agency of Singapore's SingCERT at singcert@csa.gov.sg or via the incident reporting form at https://www.csa.gov.sg/singcert/reporting. In addition, you may also report the incident to security@tradingview.com and support@tradingview.com.
If you have any information relating to such crimes or if you are in doubt, please call the police hotline at 1800-255-0000, or submit it online at www.police.gov.sg/i- witness. All information will be kept strictly confidential.
If you require urgent police assistance, please dial '999'. If you are unsure if something is a scam, call the 24/7 ScamShield helpline at 1799 or download the ScamShield application to check, detect and block scams.
For more information on scams, visit www.scamshield.gov.sg.
