19th April 2022 > > Another MetaMask scam.
tl;dr
Another day, another scam. Be aware.
Market Snap (at time of writing)

Market Wrap
It certainly looks like shorts got squeezed overnight (see yesterday’s Market Wrap).
Curious Cryptos’ Commentary – A MetaMask phishing scam
It is with depressing regularity I feel compelled to report on yet another crypto related scam.
Crypto users advanced enough to delve into Decentralised Finance (DeFI) and non-fungible tokens (NFTs) will almost certainly be familiar with MetaMask.
MetaMask is an online web wallet with some great functionality and is also easy to use. All DeFi platforms and all NFT platforms are engineered to easily interact with MetaMask.
The obvious drawback is that MetaMask is an online “hot” wallet and is susceptible to several types of hacking thefts. And here is a new one of this genre.
…
On Twitter a user known as Domenic Iacovone reported that his MetaMask wallet had been emptied of both cryptos and NFTs, with an estimated value of $650,000 or so.
Ouch.
Iacovone explained the circumstances that led to this theft:
“Got a phone call from Apple, literally from Apple (on my caller ID). Called it back because I suspected fraud and it was an Apple number. So I believed them. They asked for a code that was sent to my phone, and 2 seconds later, my entire MetaMask was wiped.”
Not sure about you, but I find that comment to be a little bit sketchy.
Another Twitter user known as Serpent has offered his analysis, which makes a little more sense:
“MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim's Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim's MetaMask.”
MetaMask themselves have confirmed Serpent’s explanation:
“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.”
…
Despite the inherent security weaknesses of using a hot wallet, Iacovone has largely been the architect of his own downfall, as Twitter user Romance Jersey pithily puts it:

…
If anyone of you is currently using MetaMask on an Apple product, the very first thing you should do is this:
“You can disable iCloud backups for MetaMask specifically by turning off the toggle here: Settings > Profile > iCloud > Manage Storage > Backups.”
…
And anyone else now concerned that they are exposed to potential MetaMask scams should consider fortifying their crypto defences by utilising the virtually impregnable resources of a Ledger Nano as explained in Module 1.12 of the Curious Cryptos’ Training Course:
Recent Posts
See Alltl;dr Georgia, Wisconsin, the list is ever-growing. Oh, and perhaps every investment fund in the world will soon be owning BTC by proxy –...
tl;dr The SEC’s behaviour is far more becoming than we have ever seen before. Operation Choke Point 2.0 is finally killed for good in a...
tl;dr The CFTC is going full-on crypto. It seems that Texas and Michigan are of a like mind. Market Snap Market Wrap That’s four straight...
Comments