 | TL:DR If you have MetaMask on an iPhone or Mac, then you're likely also using iCloud backup. MetaMask backup your Valut containing your seed by default, so turn that off from Settings\Profile\iCloud\Manage Storage! Summary I have been following this developing story on Twitter about a user that lost $650K yesterday due to the following phishing method with others coming forward claiming that the same has also happened to them. Background When you create a wallet using MetaMask on an iPhone, the app will create a JSON containing your wallet, this is stored on your device. Most users use iCloud to automatically backup their phone and app data, but unbeknown to many users, MetaMask include this file as part of the backup. From a google search, this isn't new, it was discovered in 2019, but MetaMask have today acknowledged (addressed) it HERE after a number of users were targeted resulting in lost funds. Phishing Method For the user that lost $650K, it appears to be a very sophisticated attack. They fell victim as follows... The malicious attacker requested several password resets against their AppleID/iCloud generating several emails to their account. From there, they using a spoofed caller id to call the victim and claimed that they were from Apple and calling about suspicious activity on their account. They asked them to generate their MFA one time pass to confirm that they were the account owner. The hacker used this to reset the password and take control of the Apple account. From there, they were able to restore from a backup and drain the wallet of all funds. More reading / source [link] [comments] |
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments