To avoid online scams, common sense and vigilance are just as important and effective as technical solutions. The example of this trader is eloquent: victim of a phishing attack, he had more than $600,000 worth of cryptocurrency stolen!
Domenic Lacovone is a rather experienced trader, who owns several hundred thousand dollars in cryptocurrencies and NFTs. A priori, one might think that he is well versed in computer security, or at least that he understands the issues, since he evolves in a very connected environment. But faced with cheeky crooks, he was still had.
A well-developed phishing
He says he received a call from Apple. Suspicious, he does not answer, but decides to call back this same number and to his great surprise, he comes across a person who actually claims to be from Apple. ” They asked me for the code sent to my phone and two seconds later my MetaMask wallet was emptied “, he writes. He had half a million dollars in cryptocurrencies, and an NFP App Yacht Club immediately resold by the thieves for 26.5 ether ($80,000). In all, a deadweight loss amounting to $650,000…
Hey y’all, let’s see how amazing this community can be. My entire wallet was just stolen. Totally wiped out,
MAYC 28478, MAYC 8952, MAYC 7536
Gutter cat 2280, 2769, 2325
Also stole 100k in ape coin.
Looking for all the help I can get.100kreward @BoredApeYC @GutterCatGang
— Domenic Iacovone (@revive_dom) April 14, 2022
The scammers planned it, first by sending fake emails on Apple letterhead informing him that he needed to change his iCloud account password. The phone number also bore the Apple name. As for the code that was displayed on the iPhone, it is the two-factor protection: the thieves had the identifier and the password of their victim (probably by exploiting social engineering techniques), but they lacked the famous code.
You should know that Apple would never ask to reveal a verification code over the phone, and unfortunately for him Domenic Lacovone was not suspicious. However, the story reveals a weakness: if the thieves were able to obtain the MetaMask account password and thus siphon the contents of the wallet, it was because it was stored in the user’s iCloud backup.
If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on
) 1/3
— MetaMask
(@MetaMask) April 17, 2022
MetaMask therefore recommends disabling automatic iCloud backup in iPhone settings.
[related_posts_by_tax taxonomies=”post_tag”]
The post $650,000 worth of cryptocurrency stolen with clever iCloud phishing appeared first on Gamingsym.