Cryptocurrency scams resurface with a new tactic: victims' MetaMask wallets emptied, officials urge users to disable the iCloud backup feature.

Sentinel founder Serpent shared the latest cryptocurrency scam on Twitter: scammers trick victims into resetting their Apple ID password and then obtain the 2FA one-time verification code. With this code, scammers can access MetaMask-related data stored on iCloud and drain funds. MetaMask subsequently urged users on Twitter to disable iCloud backup.

Key Prevention Measures:

  • Do not provide verification codes to anyone.
  • Do not disclose phone numbers or email addresses.
  • Always store high-value assets in a cold wallet.
  • Caller ID information can be spoofed; companies like Apple will never call you.

$650,000 Stolen

Serpent described the incident. Twitter user Domenic Iacovone received multiple text messages on 4/15 requesting a reset of his Apple ID password and later in the afternoon received a call from "Apple Inc."

"Apple Inc." claimed suspicious activity on his Apple ID and requested a password reset followed by a one-time verification code.

Call from "Apple Inc."

Providing the one-time verification code gave the scammers the opportunity to prove they were the owner of the Apple ID account, and they subsequently emptied his MetaMask wallet.

How did having access to Apple ID lead to the cryptocurrency wallet?

If Apple users have iCloud backup enabled, MetaMask stores the seed phrase in iCloud. The attack process was as follows:

  1. Request that the victim reset their password, to raise suspicion.
  2. Impersonate an Apple official and call the victim, claiming the account had suspicious activity.
  3. After the password reset, ask the victim to provide a one-time verification code to prove ownership of the Apple ID.
  4. After obtaining the verification code, the scammers access the iCloud account, including the MetaMask data.

Twitter user Domenic Iacovone lost several Bored Ape Yacht Club NFTs, totaling 132.86 ETH, 252,400 USDT, valued at $655,388 at the time.

MetaMask Response

MetaMask urged Apple users to take the following actions:

  1. Settings
  2. Profile
  3. iCloud
  4. Manage Storage
  5. Click "Backup"
  6. Turn off MetaMask backup
  7. Permanent solution: Settings > Profile > iCloud, then turn off iCloud backup directly