Connect with us

Hi, what are you looking for?

Cyber Security

Hackers steal $655K after picking MetaMask seed from iCloud backup

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple’s iCloud if app data backup is active.

MetaMask is a “hot” cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets.

In cryptocurrency lingo, a seed is a secret recovery phrase consisting of 12 words that protect access to the wallet’s content.

Storing the wallet seed in iCloud practically means that if an owner has their Apple account compromised, their digital assets are also at risk.

https://twitter.com/MetaMask/status/1515727239391809536?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1515727239391809536%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-steal-655k-after-picking-metamask-seed-from-icloud-backup%2F

Real phishing case

Unfortunately, the scenario above was already used against at least one MetaMask user who has lost over $655k as a result of a well-crafted phishing attack.

https://twitter.com/Serpent/status/1515545806857990149?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1515545808703488006%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fhackers-steal-655k-after-picking-metamask-seed-from-icloud-backup%2F

The target received multiple text messages asking to reset his Apple account and the attacker then followed up with a call from a spoofed Apple Inc. number pretending to be the firm’s support agents investigating suspicious activity on his account.

The victim followed the instructions and provided the fake support agents the six-digit verification code received from Apple. Soon, his MetaMask wallet was emptied.

The hackers had already requested one final Apple account password reset and all they needed was the additional verification to access the victim’s iCloud data where the MetaMask seed was backed up. This allowed them to steal $655,388 worth of crypto.

What to do

To keep your digital assets safe from such tricky attacks, make sure to exclude MetaMask from iCloud backups via Settings > Profile > iCloud > Manage Storage > Backups.

Disabling iCloud backup on the iOS
Disabling iCloud backup on the iOS

The two-factor authentication code is a temporary secret that should not be shared with anyone, regardless how convincing a call, email, or SMS may appear. Official representatives would never ask for it.

Additionally, cryptocurrency users can keep their assets safer in a cold wallet if they’re not actively trading them instead of the MetaMask hot wallet.

Finally, keeping your investments out of social media and other public channels make you less of a target as hackers are keeping an eye for fresh, high-value victims.

Source: https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The law enforcement agency says it has been tracking large volumes of cryptocurrency stolen by North Korean hackers during a summer of high-profile cyber...

Cyber Security

The Cyber Safety Review Board will assess how a hacking group reportedly linked to China leveraged a vulnerability in Microsoft Exchange Online to access...

Cyber Security

Pyongyang’s growing reliance on cybercrimes to circumvent international sanctions should push the U.S. and its allies to fully enforce existing sanctions and review whether...

Cyber Security

The agency has been granted new and important roles under the Biden administration’s plan to safeguard U.S. digital networks. The Department of Justice announced...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO