Company metamaskresponsible for financial services, including digital wallets. cryptocurrenciesbecame the conduit of a new coup, which involved a series of very elaborate procedures.
The plan has been condemned and stirred in recent days phishing and social engineering to access the victims’ iCloud account. From this point on, a vulnerability is exploited: MetaMask allows data synchronization with Apple’s storage service, including the MetaMask wallet access code.
Thanks to the sharing, criminals can empty the account and transfer all the funds to other profiles.
Masterstroke to steal crypto coins
After the crime was disclosed, at least one person was confirmed to be a victim. He lost about US$650,000 (or R$3 million in direct currency conversion) in cryptocurrencies.
1/ On April 15, @revive_dom He received multiple text messages asking him to reset his Apple ID password and got a call from “Apple Inc” at 6:32 PM. it was a fake caller id.
They claimed suspicious activity on Apple ID and asked for a one-time. pic.twitter.com/fc8lSntgyP
— Snake (@Snake) 17 April 2022
As security company Sentinel reports, it all starts with a series of fake SMS messages, with criminals pretending to be Apple support and alerting you to a fake security issue with your account. As a solution, you have to change the password – and then, with a phone call from the company’s supposed support, the second phase of the scam kicks in.
The person on the other end of the line requests an authentication code. This string is two factor verification of iCloud account and if entered by someone else, the original owner can lock it from the profile.
what does the company say
In a post on Twitter, MetaMask showed you step by step for those who want to end the synchronization of the virtual wallet with iCloud. So far, he has not commented on the case reported by Sentinel. The company has more than 30 million monthly active users worldwide.
Source: Tec Mundo