
Phishing attack

MetaMask warns Apple users over iCloud phishing attacks

The firm warned that if an Apple user has enabled automatic iCloud backups of their MetaMask wallet data, their seed phrase is being stored online.

ConsenSys-owned crypto wallet provider MetaMask has sent out a warning to the community regarding Apple iCloud phishing attacks.

The security issue for iPhone, Mac, and iPad users is related to default device settings which see a user’s seed phrase or “password-encrypted MetaMask vault” stored on iCloud if the user has enabled automatic backups for their app data.

In a Twitter thread posted on April 18, MetaMask noted that users run the risk of losing their funds if their Apple password “isn’t strong enough” and an attacker is able to phish their account credentials.

To fix the issue, users can disable automatic iCloud backups for MetaMask as detailed:

The warning from MetaMask came in response to reports from an NFT collector who goes by “revive_dom” on Twitter, who stated on April 15 that their entire wallet containing $650,000 worth of digital assets and NFTs was wiped via this specific security issue.

In a separate thread earlier today, DAPE NFT project founder “Serpent”, who also helped gain the attention of MetaMask by sharing the story with their 277,000 followers, gave a rundown of what happened to the victim.

They noted that the victim received multiple text messages asking to reset his Apple ID password along with a supposed call from Apple which was ultimately a spoofed caller ID.

As they were reportedly unsuspecting of the caller, “revive_dom” handed over a six-digit verification code to prove that they were the owner of the Apple account. The scammers subsequently hung up and accessed his MetaMask account via data stored on iCloud.


After MetaMask posted the warning today, “revive_dom” expressed his frustrations with the company, noting that:

“I’m not saying they shouldn’t do it but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90% of the people knew this I would bet none of them would have the app or iCloud on.”

While most of the community response was supportive, others were quick to emphasize the importance of using cold storage and doing a lot of due diligence when storing assets in a hot wallet.

Meme Coin Alert: Ivanka Trump Warns About Fake IVANKA Token

Rare Bears Discord phishing attack nabs $800K in NFTs

The account of a moderator from the non-fungible token project was compromised in the attack, posting a phishing link that drained user wallets.

Recently launched NFT project, Rare Bears, was hit with an attack, after a hacker posted a phishing link in the project's Discord channel, stealing nearly $800,000 in NFTs.

Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs, including Rare Bears and other NFTs from various collections, including CloneX, Azuki, a “mfer” from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse.

According to on-chain analysis, most of the NFTs were sold, netting the hacker 286 ETH, worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer used to obfuscate the source of funds.

A slate of similar phishing scams has occurred in recent months on Discord, suggesting some teams need to more carefully consider the security of admin accounts. Earlier today, the Rare Bears team posted that they had hired security consultant and auditor “Pandez” for a full security audit of its Discord.

How the attack happened

According to an update posted by the Rare Bears team, the hacker gained access to the account of a Rare Bears Discord moderator known as “Zhodan”, posting an announcement within the group's channel that a new mint of NFTs was taking place.

It was a fake, of course: a phishing link designed to steal funds from users' wallets.

The update from the security audit found that the head of the project’s Discord account was compromised. The attacker, using the compromised account, then banned other members, or removed their roles from the server, thereby removing their ability to delete the posted phishing link.

The attacker then invited a bot which locked all channels on the server, removing the ability for others to publicly communicate that the posts and links were fake.

Rare Bears said the team was able to regain control of the server, removing the compromised account and transferring ownership to a new one, and that the server is secure from another attack.


Speaking to Cointelegraph, security consultant Pandez said that users should look out for a few key signs that could mean a message is a scam.

“Almost no serious project will ever do a stealth mint,” Pandez said, “never click any links which appear like this.”

Pandez said other red flags are if channels are locked during a “drop” of a new NFT collection, if the link differs from those shared on Twitter or other official sources for the project, and if the link is continuously posted in the channel.

Past attacks of a similar nature have happened on Discord. In December, Solana NFT project Monkey Kingdom announced that hackers made off with $1.3 million of the community's crypto funds after a security breach. Attackers there also posted a phishing link which drained users’ wallets.

Last November, members of the Discord of popular NFT artist Beeple were also scammed, with attackers gaining access to a moderator's account to post a phishing link, similarly draining user funds.


Opensea CEO Dismisses $200 Million Hack Rumor, Claims Incident Was a Phishing Attack

Opensea co-founder and CEO, Devin Finzer, has denied rumors that the non-fungible token (NFT) marketplace’s codebase was breached and that attackers had stolen $200 million. According to Finzer, an investigation had shown that the attacker had $1.7 million worth of ethereum in his wallet by leveraging a phishing scheme. Attacker Reportedly Returns Some Stolen NFTs […]


Study: 68% of Americans Aware of Risks Involved With Cryptocurrencies

Nearly seven out of ten surveyed Americans said they were aware of risks that are associated with cryptocurrencies, a new study by Nordvpn has found. However, about 32% of the respondents said they were not aware of any risks. Understanding Cryptocurrencies According to the findings of a new Nordvpn study, about seven in ten Americans, […]
