How This iCloud Scam Wiped Out A Crypto Trader’s $650,000 In Seconds

Mobile Phone

Lately, there have been a lot of reports of multi-level marketing scams and hacks happening in the crypto world. Crypto enthusiasts are losing their hard earned money to hackers and fraudsters who seem to becoming more and more sophisticated in their tactics.

One recent victim is Domenic Iacovone, a trader who lost over $650,000 to scammers. In an heartbreaking tweet, a devastated Iacovone reveals how he was scammed.

Writing on Twitter, the crypto trader said that his entire collection of cryptocurrencies and NFTs he held in a MetaMask wallet had been stolen and that it all started with a phone call he thought was from Apple.

At first, the victim suspected the call might be fraud so he simply ignored it. However, when the caller ID showed ‘Apple’ associated with the calling phone number, he decided to call it back.

The cyber thief on the other end of the phone who used a scam involving a caller ID spoof, said Iacovone’s Apple ID account had been experiencing suspicious activity and asked for a code that was sent to the trader’s iPhone.

Once the scammer got the 2FA code, he then used it to reset the victim’s password, accessing his iCloud account, including the seed phrase file which MetaMask, unknowingly to Iacovone (and other users), had automatically stored on iCloud from his iPhone.

Iacovone says that only “two seconds later” his entire wallet, which included $160K worth of Ether (ETH), a Mutant Ape Yacht Club NFT worth an estimated $80K, as well as $100K in ApeCoin (APE) and $250K in Tether (USDT), “was wiped.”

“Don’t tell us to never store our seed phrase digitally and then do it behind our backs,” Iacovone said, adding that “[i]f 90 percent of the people knew this [he] would bet none of them would have the app or iCloud on.”

Meanwhile, MetaMask without commenting on the incident took to Twitter Sunday, warning users to disable iCloud backups for MetaMask:

“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault,” the firm warned, adding that if “your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.”

“You can disable iCloud backups for MetaMask specifically by turning off the toggle here: Settings > Profile > iCloud > Manage Storage > Backups.

“If you want to avoid iCloud surprising you with unrequested backups in the future, you can turn off this feature at: Settings > Apple ID/iCloud > iCloud > iCloud Backup.”

MetaMask is a popular software wallet for holding cryptocurrency tokens. It is considered a hot wallet, which means that it is always connected to the internet.

Following Iacovone’s incident, a crypto security expert nicknamed Serpent took to Twitter to explain the mechanics of the scam while also providing some advice for other crypto traders on how to protect themselves from falling victim to similar scams. He advised hodlers to never give out their Apple verification codes to anyone, noting that that companies like Apple “will never call you” in situations like this. Serpent also warned crypto/NFT traders/investors to use a cold wallet to store valuables.

As already noted, as a cryptocurrency trader, you are always at risk of being scammed. However, there are precautions that you can take to protect yourself from these scams. Again, make sure you never give away your private keys and always use 2-factor authentication. Remember, scamming is only going to get worse as the value of cryptocurrencies continues to increase. Be vigilant and stay safe!

Disclaimer: This page contains affiliate links. If you choose to make a purchase after clicking a link, we may receive a commission at no additional cost to you. Thank you for your support!

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.