Scammers are becoming more adept at cryptocurrency thefts day by day, adopting various methods to outfox unsuspecting investors. Recently, $650K worth of Ethereum and Tether was stolen from a MetaMask wallet after a victim fell prey to a phishing scam.
How It Happened
On 15 April, pseudonymous NFT investor @revive_dom reported having lost over $650,000 in a phishing scam. The scammer pretended to be an Apple Inc. representative and used the fake identity to request a verification code for a password reset request on the victims’ Apple ID.
After receiving the 2FA code, the scammer took control over the Apple ID, obtained the credentials to revive_dom’s MetaMask wallet, and stole around 132.86 Ethereum and 252,400 Tether (USDT). The overall value of the stolen funds amounted to $650K.
MetaMask Admits To Storing Password-Info
Twitter user @serpent pointed out that MetaMask saves a ‘seed phrase file’ file on iCloud after a new password is created. The file contains a list of words that store all the information needed to access an account. Thus, by gaining control of an Apple ID, one can essentially gain control over a MetaMask vault and drain out funds.
While MetaMask did not directly acknowledge the scam, it was later revealed that the wallet did covertly store password-related data on an iCloud ID, unbeknownst to many. A thread posted by MetaMask then guided users on how to disable iCloud backups, possibly safeguarding users from such scam attempts.
Crypto Scams Are Becoming A Growing Pain
While the face-paced cryptocurrency industry is evolving each day, unfortunately, security measures are not. Several loopholes, such as the one highlighted above, exist for scammers to act upon. This should make crypto investors particularly careful while storing funds on wallets and even exchanges.
A report by Chainalysis showed that scammers stole $14 Billion worth of crypto in 2021, nearly double the amount stolen in 2020. Experts claimed that the lack of KYC procedures along with weak security measures were some reasons why scammers were able to get away with thefts time and time again. Although it’s nearly impossible to completely safeguard an account from such thefts, a guide on how to bolster security can be found on @serpent’s thread.