A crypto investor revealed how he lost $650,000 (£499,000) thanks to a simple iPhone hack.
Domenic Iacovone, @revive_tom on Twitter, kept all of his valuable NFTs in a digital MetaMask wallet.
However, thanks to a little-known iCloud hack, scammers were able to get their hands on the entirety of his collection.
Taking to Twitter, he wrote: “Hey y’all, let’s see how amazing this community can be. My entire wallet was just stolen. Totally wiped out...Looking for all the help I can get.”
He then went on to explain how the incident occurred.
It all began with a phone call from ‘Apple’, which he suspected to be fraud at first.
After ignoring the call several times, he noticed the caller ID showed up as ‘Apple Inc.’, so he decided to give them a call back.
Posing as a member of Apple’s tech team, the scammer explained that Domenic’s Apple account had been compromised.
A code was then sent to his phone in order to verify his identity.
He finished off the story by claiming: “Two seconds later my entire Meta Mask was wiped.”
In a further tweet, the NFT investor claimed the hackers gained access to his 12-word ‘seed phrase’ provided by MetaMask when you set up a wallet – top secret information that must not be shared with anyone else.
What Domenic failed to realise is that MetaMask's seed phrase file is automatically stored on iCloud when iCloud backup is enabled for app data.
This means the scammers gained access to his iCloud after the phone call and swiped his seed phrase before emptying the entirety of his account - which included several NFTs from the popular Mutant Ape Yacht Club collection, as well as three NFTs from the Gutter Cat collection.
Along with $100,000 (£77,000) in 'ape coin', this all amounts to an estimated $650,000.
Domenic vented his fury on Twitter, adding: "Don’t tell us to never store our seed phrase digitally and then do it behind our backs.
"If 90 percent of the people knew this I would bet none of them would have the app or iCloud on."
MetaMask has not commented on the incident, but did tweet out advice to users amid the fury.
"If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault," the firm warned.
"If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.
"You can disable iCloud backups for MetaMask specifically by turning off the toggle here: Settings > Profile > iCloud > Manage Storage > Backups.
"If you want to avoid iCloud surprising you with unrequested backups in the future, you can turn off this feature at: Settings > Apple ID/iCloud > iCloud > iCloud Backup."