A crypto trader lost $650,000 (roughly Rs 5 crore) worth of cryptocurrency and NFTs to scammers. Domenic Iacovone shared his experience and sought help from experts on Twitter. He even offered $100K as a reward for any assistance.
Iacovone said that he had stored his digital assets in a cryptocurrency wallet called MetaMask. He began to receive messages asking him to reset his Apple ID and password. Initially, the crypto trader did not heed the messages, thinking they had been sent by fraudsters.
Later, however, he received a call from Apple Inc. Iacovone noticed that the number was associated with Apple and it made him believe that the call was genuine.
“Got a phone call from Apple, literally from Apple (on my caller ID). Called it back because I suspected fraud and it was an apple number so I believed them,” he tweeted.
Hey y’all, let’s see how amazing this community can be. My entire wallet was just stolen. Totally wiped out,
MAYC 28478, MAYC 8952, MAYC 7536
Gutter cat 2280, 2769, 2325
Also stole 100k in ape coin.
Looking for all the help I can get.
— Domenic Iacovone (@revive_dom) April 14, 2022
The person on the phone told Iacovone that his account was compromised and that they required an OTP to verify his credentials. But as soon as he shared the 6-digit verification code, the person hung up, and within seconds Iacovone's account was wiped of all the cryptocurrency and NFTs that he had saved on MetaMask.
Responding to Iacovone's tweet, a crypto security advisor, @Serpent, took note of the matter and shared additional details about the incident, including screenshots of Iacovone’s phone.
NEW PHISHING SCAM
Already $650,000 stolen from a single individual and it's going to happen to a lot more people.
This is how it happened
— Serpent (@Serpent) April 17, 2022
According to Serpent, there is a 12-digit number also known as a seed phrase, which must be kept confidential. That number is the only way to access a crypto wallet. Serpent revealed that MetaMask apparently stores the seed phrase file on iCloud, which could have been how the scammers got access to Iacovone’s wallet. After that, all they needed was an OTP sent to his phone.
MetaMask, although it did not comment on the incident, shared a tweet warning users about a possible phishing scam.
Process of this attack:
1) Scammer requests random password resets to make the victim suspicious
2) Using a caller ID spoofer, the scammer will call the victim as Apple and claim there is suspicious activity on the account
— Serpent (@Serpent) April 17, 2022
3) The scammer will request a password reset for the victim's Apple ID
4) The scammer will ask the victim for the code, claiming it is to verify they are the real owner of the Apple ID, when in reality they are using that code to reset the victim's password
— Serpent (@Serpent) April 17, 2022
5) The scammer will have access to the victim's iCloud account, giving them free access to everything, including all the data MetaMask stores on iCloud
132.86 ETH ($402,988 USD)
$655,388
— Serpent (@Serpent) April 17, 2022
Responding to Serpent's tweet, MetaMask shared a warning with users about a possible phishing scam.
The company also suggested disabling iCloud backups for MetaMask specifically.
If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on) 1/3
— MetaMask (@MetaMask) April 17, 2022