Sentinel Founder Serpent Shared on Twitter the Latest Crypto Scam; MetaMask Suggested to Turn off the iCloud Backup Function.
By tricking victims into resetting their Apple ID and obtaining a 2FA one-time verification code, the scammers could access their MetaMask-related data stored on iCloud and drain the funds. MetaMask also immediately called on users to turn off the iCloud backup function on Twitter.
TLDR — Protection Tips
- Do not provide verification codes to anyone.
- Do not reveal mobile phone numbers and emails.
- Always store high-value assets in cold wallets.
- “Caller information” is easy to fake, and a company like Apple and Google will never call you.
650K USD Was Stolen
According to Serpent’s tweet on 17th April, Twitter user Domenic Iacovone received multiple cellphone messages on 15th April, asking him to reset his Apple ID password, and received a call from “Apple Inc.” that afternoon.
Afterward, “Apple Inc.” stated that his Apple ID showed suspicious activity and asked him to reset his password and then requested a one-time verification code.
After the victim gave the one-time verification code, this provided the scammer an opportunity to prove that they were the owner of the Apple ID account, and the scammer then emptied his MetaMask wallet.
Why Having an Apple ID Can Access a Crypto Wallet?
If Apple users have turned on the iCloud backup function, MetaMask will store the mnemonic in iCloud. The attack process is as follows:
- Ask the victim to reset their password first to make the victim suspicious.
- Call the victim pretending to be an official Apple, claiming suspicious activity on the account.
- After resetting the password, the victim is asked to provide a one-time verification code to prove that the victim is the Apple ID owner.
- After getting the verification codes, scammers gain access to iCloud accounts, including MetaMask data.
Twitter user Domenic Iacovone lost multiple Boring APE NFTs, totaling 132.86 ETH and 252,400 USDT, worth about US$655,388.
MetaMask Official Recommendations
MetaMask provided the following steps on Twitter for Apple users:
- Settings
- Profile
- iCloud
- Manage storage
- Click “Backups”
- Turn off the MetaMask backup function
- Once and for all solution: Settings / Profiles / iCloud / Directly turn off the iCloud backup function
Final Words
This post may be a bit late for those who have already fallen victim to this iCloud-MetaMask phishing/ smashing scam. But for other crypto owners and NFTs collectors, it would show how to prevent the latest scamming technique.
The two-factor authentication code is a temporary secret that cannot be shared with anyone, regardless of how convincing a call, an email, or SMS may seem. Authorized representatives would never ask for an authentication code.
Furthermore, crypto owners should consider implementing a two or three-tier wallet system to minimize their loss in the hot wallet, like MetaMask in this case. Lastly, retaining your crypto investments from social media and other public channels makes you less of a target. As you may know, hackers and scammers are looking for potential victims with the same track.
Thank you for reading. May InfoSec be with you🖖.