A crypto trader has revealed that he has lost as much as $6,50,000 (Rs 4.97 crore) after scammers hacked into his iCloud account. And it only lasted two seconds.
The trader Domenic Lacovone revealed the scam on Twitter. He said it all started with a phone call he thought was from Apple.
Lacovone suspected it might be a fraud, so he ignored it. But it turned out to be an Apple number, so he decided to call it back.
Here’s how it happened, got a call from Apple literally from Apple (on my caller ID) I called it back as I suspected fraud and it was an Apple number. So I believed them
They asked for a code sent to my phone and 2 seconds later my entire MetaMask was erased
— Domenic Iacovone (@revive_dom) Apr 14, 2022
“Here’s how it happened, got a call from Apple, literally from Apple (on my caller ID) I called it back because I suspected fraud and it was an Apple number. So I believed them,” Lacovone said in a tweet .
“They asked for a code to be sent to my phone and 2 seconds later my entire MetaMask was erased,” he added.
It was literally Apple Inc. they mirrored apples number pic.twitter.com/l08UjNj7aS
— Domenic Iacovone (@revive_dom) Apr 15, 2022
The trader had a shipment of valuable cryptocurrencies and non-fungible tokens (NFTs) stored in the digital wallet app MetaMask.
Little did he know that MetaMask automatically saves a 12-digit “seed phrase” file to iCloud from his iPhone. Once the scammers got access to his iCloud, they stole it and wiped Lacovone’s account.
The seed phrase is important to get into the crypto wallet and should not be shared with anyone.
Lacovone has sought help from the online community and has even offered a $100,000 reward to those who can help him get the money back.
“Don’t tell us to never digitally store our seed phrase and then do it behind our backs. If 90 percent of people knew this, I’d be sure none of them would have the app or iCloud on,” he told the paper. New York Post†
He also targeted MetaMask and asked users to “expose” the company.
MetaMask has so far not commented on the incident, but did tweet out advice for users amid the rage. The tweet says iCloud backup will contain users’ password-encrypted MetaMask vault and asked if it can be disabled by disabling iCloud backups.