Hackers attack MetaMask users via phishing and steal $655,000
Showing off wealth on social networking sites is common, but cryptocurrency investors should be cautious about doing so. Hackers appear to use social networking sites to find investors who hold large amounts of assets, collect information about them in various ways, and then conduct targeted phishing. In a recent case, hackers stole $655K after extracting a MetaMask seed from an iCloud backup.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
According to a reminder posted on MetaMask's official Twitter account, if a user turns on iCloud automatic backup, the password-encrypted MetaMask vault is also uploaded to the cloud. The seed is a secret recovery phrase of 12 words that protects access to the wallet's contents. In theory, anyone who obtains the seed can restore the wallet and transfer its assets. The advantage of turning on backup is that the data can be restored even if the phone is lost or the wallet is accidentally uninstalled. The disadvantage is that if the Apple account is phished, the attacker gains access to the backed-up vault. For this reason, MetaMask reminds investors to turn off the backup function.
The hackers first looked for potential targets on social networking sites, namely wealthy investors who used cryptocurrency wallets, and then collected data on them. How the data was collected is unknown, but social engineering of some kind was almost certainly involved. The hackers' goal was to find the target's mobile phone number in order to send a phishing link. They then sent the target multiple text messages claiming that the Apple account password needed to be reset, that the password may have been leaked elsewhere, and so on. After weighing these warnings, the user clicked the link, landed on the hackers' phishing website, and submitted the Apple account name and password, after which the hackers logged in to the account.
1/ On April 15th, @revive_dom received multiple text messages asking to reset his Apple ID password and at 6:32 PM he received a call from "Apple Inc." which was a spoofed caller ID.
They claimed that there was suspicious activity on his Apple ID and they asked for a one-time pic.twitter.com/fc8lSntgyP
— Serpent (@Serpent) April 17, 2022
The Apple account had two-step verification, but the hackers contacted the user directly to ask for the verification code. With the code, they logged in to the account, obtained the data, and then stole the wallet's funds.