After a hack, MetaMask advises Apple users not to activate the iCloud automatic backup

by v

Following a $655,000 hack, MetaMask is advising users with Apple devices to deactivate iCloud automatic backup. Attackers impersonated Apple to a victim, who was unpleasantly surprised to find that his entire wallet had been stolen.

MetaMask warns Apple users

Last Friday, an investor named Domenic Iacovone received a call purportedly from Apple’s customer service department, and was then tricked by thieves, who took his entire MetaMask wallet.

The wallet contained several non-fungible tokens (NFTs) from the Mutant Ape Yacht Club and Gutter Cat Gang collections, as well as $100,000 in ApeCoin (APE). The total value of the theft is approximately $655,000.

A Twitter user going by the pseudonym Snake describes how this happened to Domenic Iacovone:

First, the thieves triggered random resets of the victim’s Apple ID to put him on guard. Then they called repeatedly with a spoofed caller ID, so that Domenic Iacovone would think it was a missed call from Apple.

So he called the number back and was asked to reset his Apple ID himself because of allegedly suspicious activity, and then to hand over the two-factor authentication code under the pretext of proving his identity.

With this manipulation, the thieves gained access to Domenic Iacovone’s Apple iCloud service and were able to steal the contents of his MetaMask wallet.

As a result of this story, MetaMask has issued a warning about automatic backups and explained how to prevent them.

A local private key backup

Following this mishap, the victim was offended to learn that MetaMask was backing up private keys without users’ knowledge. In truth, it was not a secret. It makes sense that the keys are stored locally; otherwise users would not have access to their recovery phrase in the wallet’s security settings.

This is what Charles Guillemet, Ledger’s CTO, explained in his interview with Cryptoast:

The private key of a hot wallet is stored on our machine (or iCloud in this case) and it’s simply encrypted. But someone skilled enough to override this encryption will then have access to the entire wallet. The most effective way to protect against this is to use a hardware wallet, especially for such large amounts.

If Domenic Iacovone had had one, the phishing attack on him would have failed. As he is very active on Twitter and Instagram, it is very likely that he was specifically targeted and that the thieves prepared their move after a period of observation.

Although this unfortunate episode affected an Apple user, it should be borne in mind that it could have happened on any machine. No one is immune to these types of attacks, and often the human remains the main vulnerability.

This reminds us that in cryptocurrencies, we are entirely responsible for our money and therefore the security that goes with it.
