cryptopticon

News
Articles
Tutorials
Book Reviews
Art Gallery
Contact
About

0
0
ESC
cryptopticon
cryptopticon
  • News

Stolen keys, hackers thieves

  • cryptopticon

Wallet Keys Stolen

A wallet with over half a million dollars was emptied recently because of a hacked Apple account, where the seed phrase for a metamask wallet was stored in an iCloud account with two-factor authentication enabled. This highlights that cloud storage is not recommended for storing wallet keys

meta mask

Hacked Through Telephone Call

It’s been reported the account was compromised with via a telephone call from what looked to be a legitimate ‘Apple’ caller-ID, where the two step verification code was socially engineered out of the user. The hackers knew what they were looking for and once iCloud access had been gained the wallet was emptied of over half a million dollars

2FA Secures account but not the user

The number one way to compromise an account is by communicating with the human with auth access, in this instance the fault is not with Apple nor MetaMask, who both overall offer sound security advice. The weak point in this situation was the person who had correctly secured their account with two-factor authentication (2FA), but then didn’t realise the extent someone would go to engineer the handing over the two step auth code to a cold caller

Secured by default

I have been through the installation process for MetaMask on iOS and at no point did the OS try to back the seed phrase up to iCloud, as it does with other passwords when setting up apps or logging into websites. This should serve as a sobering reminder that who controls the keys to a wallet has total control of the value inside the wallet

Here is the advice given by the MetaMask iOS app during setup, at no point does it tell you to save it to a cloud storage device, anything connected to the internet is vulnerable to being pwned remotely. Cold storage requires access to a physical location to access the recover seed phrase

Security in the Web3 world has a learning curve and it’s important to note the value in cryptographically secured assets are wholly owned by the person who holds the key, no institution, bank or company can sanction the removal of the funds

TLDR; An iCloud account with 2FA enabled was compromised where the seed phrase for a MetaMask wallet was stored costing the owner of the wallet over half a million dollars

cryptopticon

Previous Article
  • Articles

Qubes: Install Nix Package Manager

  • cryptopticon
View Post
Next Article
  • Tutorials

QubesOS: Install Inkscape in Debian

  • cryptopticon
View Post

You May Also Like

View Post
  • Articles
  • News

Linux Distro for Crypto

  • cryptopticon
  • April 12, 2022
View Post
  • Blockchain Adoption
  • News

xDai Tigers Relased

  • cryptopticon
  • October 25, 2021
View Post
  • News

Unstoppable Domains L2 Announcement

  • cryptopticon
  • October 15, 2021
View Post
  • News

Domains: Rover Forum Spam

  • cryptopticon
  • August 10, 2021
View Post
  • Articles
  • News

OneWeb – Low Earth Connectivity – Rural Availability

  • cryptopticon
  • July 1, 2021
inverted eclipse
View Post
  • Articles
  • News

OneWeb – Low Orbit Satellite

  • cryptopticon
  • April 26, 2021
View Post
  • Articles
  • News

Low Orbit Satellites – Global Internet Access by 2025

  • cryptopticon
  • April 2, 2021
View Post
  • News

Crypto Week 634

  • cryptopticon
  • March 6, 2021

– Recent Articles –

  • Twitter is a Blockchain in Waiting
  • QubesOS: How To Recover Data From AppVM
  • Qubes: How to Copy and Paste
  • QubesOS: Install Inkscape in Debian
  • Stolen keys, hackers thieves
  • Qubes: Install Nix Package Manager

– Categories –

  • Art Gallery
  • Articles
  • Blockchain Adoption
  • Book Reviews
  • Decentralised Autonomy
  • News
  • Tutorials

Recent Posts

  • Twitter is a Blockchain in Waiting
  • QubesOS: How To Recover Data From AppVM
  • Qubes: How to Copy and Paste
  • QubesOS: Install Inkscape in Debian
  • Stolen keys, hackers thieves

cex

CEX.IOBitcoinExchange

Twitter Feed

cryptopticon
Security in Transparency

Input your search keywords and press Enter.