Crypto Fraud New Trick: the Victim’s MetaMask Wallet Was Emptied

Sentinel Founder Serpent Shared the Latest Online Crypto Scam on Twitter; MetaMask Suggested Turning Off the iCloud Backup Function.

By Z3n Ch4n. Published 2 years ago. 3 min read.
Photo by André François McKenzie on Unsplash

By tricking victims into resetting their Apple ID password and handing over a 2FA one-time verification code, the scammers could access the victims' MetaMask-related data stored on iCloud and drain the funds. On Twitter, MetaMask immediately called on users to turn off the iCloud backup function.

TLDR — Protection Tips

  • Do not provide verification codes to anyone.
  • Do not reveal mobile phone numbers and emails.
  • Always store high-value assets in cold wallets.
  • “Caller information” is easy to fake, and companies like Apple and Google will never call you.

650K USD Was Stolen

According to Serpent’s tweet on 17th April, Twitter user Domenic Iacovone received multiple cellphone messages on 15th April, asking him to reset his Apple ID password, and received a call from “Apple Inc.” that afternoon.

Later, “Apple Inc.” stated that his Apple ID showed suspicious activity, asked him to reset his password, and then requested a one-time verification code.

Once the victim gave up the one-time verification code, the scammer was able to prove that they were the owner of the Apple ID account, and the scammer then emptied his MetaMask wallet.

Why Can Access to an Apple ID Give Access to a Crypto Wallet?

If Apple users have turned on the iCloud backup function, MetaMask will store the mnemonic in iCloud. The attack process is as follows:

1. First, ask the victim to reset their password, which makes the victim suspicious.
2. Call the victim pretending to be an official Apple representative, claiming suspicious activity on the account.
3. After the password reset, the victim is asked to provide a one-time verification code to prove that they are the Apple ID owner.
4. After getting the verification code, the scammers gain access to the iCloud account, including MetaMask data.

Twitter user Domenic Iacovone lost multiple Bored Ape NFTs, totaling 132.86 ETH and 252,400 USDT, worth about US$655,388.

MetaMask Official Recommendations

MetaMask provided the following steps on Twitter for Apple users:

1. Settings
2. Profile
3. iCloud
4. Manage storage
5. Click “Backups”
6. Turn off the MetaMask backup function
7. Once-and-for-all solution: Settings / Profiles / iCloud / Directly turn off the iCloud backup function

Final Words

This post may be a bit late for those who have already fallen victim to this iCloud-MetaMask phishing/smishing scam. But for other crypto owners and NFT collectors, it shows how to guard against the latest scamming technique.

The two-factor authentication code is a temporary secret that must not be shared with anyone, regardless of how convincing a call, an email, or an SMS may seem. Authorized representatives would never ask for an authentication code.

Furthermore, crypto owners should consider implementing a two- or three-tier wallet system to limit what they can lose from a hot wallet, like MetaMask in this case. Lastly, keeping your crypto investments off social media and other public channels makes you less of a target. As you may know, hackers and scammers look for potential victims on those same channels.

Bonus - How to Protect Your Crypto Assets With Infosec Concepts and Principles

I previously wrote about using cybersecurity concepts like "Defense-in-Depth" (DiD) and Zero Trust to safeguard your crypto tokens, NFTs, and crypto wallet. I also introduced the concept of "Crypto Hygiene" (by analogy with cyber hygiene).

Let's combine them by using cybersecurity knowledge to strengthen your crypto-security! 🦾

---

Thank you for reading. May InfoSec be with you🖖.

About the Creator

Z3n Ch4n

Interested in Infosec & Biohacking. Security Consultant. Love reading and running.

hackernoon.com/u/z3nch4n
