top of page
Search

19th April 2022 > > Another MetaMask scam.

tl;dr

Another day, another scam. Be aware.


Market Snap (at time of writing)








Market Wrap

It certainly looks like shorts got squeezed overnight (see yesterday’s Market Wrap).


Curious Cryptos’ Commentary – A MetaMask phishing scam

It is with depressing regularity I feel compelled to report on yet another crypto related scam.


Crypto users advanced enough to delve into Decentralised Finance (DeFI) and non-fungible tokens (NFTs) will almost certainly be familiar with MetaMask.


MetaMask is an online web wallet with some great functionality and is also easy to use. All DeFi platforms and all NFT platforms are engineered to easily interact with MetaMask.


The obvious drawback is that MetaMask is an online “hot” wallet and is susceptible to several types of hacking thefts. And here is a new one of this genre.

On Twitter a user known as Domenic Iacovone reported that his MetaMask wallet had been emptied of both cryptos and NFTs, with an estimated value of $650,000 or so.


Ouch.


Iacovone explained the circumstances that led to this theft:


“Got a phone call from Apple, literally from Apple (on my caller ID). Called it back because I suspected fraud and it was an Apple number. So I believed them. They asked for a code that was sent to my phone, and 2 seconds later, my entire MetaMask was wiped.”


Not sure about you, but I find that comment to be a little bit sketchy.


Another Twitter user known as Serpent has offered his analysis, which makes a little more sense:


“MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim's Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim's MetaMask.”


MetaMask themselves have confirmed Serpent’s explanation:


“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.”

Despite the inherent security weaknesses of using a hot wallet, Iacovone has largely been the architect of his own downfall, as Twitter user Romance Jersey pithily puts it:












If anyone of you is currently using MetaMask on an Apple product, the very first thing you should do is this:


“You can disable iCloud backups for MetaMask specifically by turning off the toggle here: Settings > Profile > iCloud > Manage Storage > Backups.”


And anyone else now concerned that they are exposed to potential MetaMask scams should consider fortifying their crypto defences by utilising the virtually impregnable resources of a Ledger Nano as explained in Module 1.12 of the Curious Cryptos’ Training Course:


9 views0 comments

Recent Posts

See All

15th July 2024 > > UK.

tl;dr UK politics as they relate to cryptos. Market Snap Market Wrap In the last six trading days over $1bn has flowed into spot BTC ETFs. We are now one month away from the next quarterly deadline fo

14th July 2024 > > The CCC is back!

tl;dr A criticism, an apology, a dig at the bureaucrats (we haven’t had one for a while), an unlikely wish, and the tantalising prospect of fully opening the doors to TradFi. Market Snap Market Wrap L

7th July 2024 > > TON.

tl;dr TON potentially presents an opportunity like no other. Market Snap Market Wrap I am not the only one who remains relentlessly optimistic about the price of BTC: Curious Cryptos’ Commentary – TON

Comments


bottom of page