Sentinel Founder Serpent Shared on Twitter the Latest Crypto Scam; MetaMask Suggested to Turn off the iCloud Backup Function. By tricking victims into resetting their Apple ID and obtaining a 2FA one-time verification code, the scammers could access their MetaMask-related data stored on iCloud and drain the funds. MetaMask also immediately called on users to turn off the iCloud backup function on Twitter. TLDR — Protection Tips Do not provide verification codes to anyone. Do not reveal mobile phone numbers and emails. Always store high-value assets in cold wallets. “Caller information” is easy to fake, and a company like Apple and Google will never call you. 650K USD Was Stolen According to on 17th April, Twitter user received multiple cellphone messages on 15th April, asking him to reset his Apple ID password, and received a call from “Apple Inc.” that afternoon. Serpent’s tweet Domenic Iacovone Afterward, “Apple Inc.” stated that his Apple ID showed suspicious activity and asked him to reset his password and then requested a one-time verification code. After the victim gave the one-time verification code, this provided the scammer an opportunity to prove that they were the owner of the Apple ID account, and the scammer then emptied his MetaMask wallet. Why Having an Apple ID Can Access a Crypto Wallet? If Apple users have turned on the iCloud backup function, The attack process is as follows: MetaMask will store the mnemonic in iCloud. Ask the victim to reset their password first to make the victim suspicious. Call the victim pretending to be an official Apple, claiming suspicious activity on the account. After resetting the password, the victim is asked to provide a one-time verification code to prove that the victim is the Apple ID owner. After getting the verification codes, scammers gain access to iCloud accounts, including MetaMask data. Twitter user lost multiple Boring APE NFTs, totaling 132.86 ETH and 252,400 USDT, worth about US$655,388. Domenic Iacovone MetaMask Official Recommendations MetaMask provided on Twitter for Apple users: the following steps Settings Profile iCloud Manage storage Click “Backups” Turn off the MetaMask backup function Once and for all solution: Settings / Profiles / iCloud / Directly turn off the iCloud backup function Final Words This post may be a bit late for those who have already fallen victim to this iCloud-MetaMask phishing/ smashing scam. But for other crypto owners and NFTs collectors, it would show how to prevent the latest scamming technique. The two-factor authentication code is a temporary secret that cannot be shared with anyone, regardless of how convincing a call, an email, or SMS may seem. Authorized representatives would never ask for an authentication code. Furthermore, crypto owners should consider implementing a two or three-tier wallet system to minimize their loss in the hot wallet, like MetaMask in this case. Lastly, retaining your crypto investments from social media and other public channels makes you less of a target. As you may know, hackers and scammers are looking for potential victims with the same track. Thank you for reading. May InfoSec be with you🖖. https://hackernoon.com/protect-your-crypto-wallets-with-infosec-the-three-tier-wallet-system-and-crypto-hygiene

Ethereum

Tether

ApeCoin

Apple

Google

Target

Twitter

How to Work in Web 3, Cryptocurrency?

Protect Your Crypto Wallets With InfoSec - The Three-Tier Wallet System and Crypto-Hygiene

2021 - HackerNoon Contributor of the Year - CULTURE

Support Me on Coil

2021 - HackerNoon Contributor of the Year - PERSONAL-DATA

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Privacy

Nominated for 2022 - HackerNoon Contributor of the Year - Beginners Guide

Nominated for 2022 - HackerNoon Contributor of the Year - Containers

Nominated for 2022 - HackerNoon Contributor of the Year - Data Privacy

Too Long; Didn't Read

Crypto Fraud New Tricks: Victim's MetaMask Wallet Emptied by Resetting Apple ID 

Crypto Fraud New Tricks: Victim's MetaMask Wallet Emptied by Resetting Apple ID

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

$1B Capitalization: Meme Token Launch Strategy Under the Microscope

(1/100) Crypto Countdown: Golem

06/09/2018: Biggest Stories in the Cryptosphere

07/09/2018: Biggest Stories in the Cryptosphere

$PEPE, a Purple Lamborghini, and More: The Story Continues

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

$1B Capitalization: Meme Token Launch Strategy Under the Microscope

(1/100) Crypto Countdown: Golem

06/09/2018: Biggest Stories in the Cryptosphere

07/09/2018: Biggest Stories in the Cryptosphere

$PEPE, a Purple Lamborghini, and More: The Story Continues

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps