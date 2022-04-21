A crypto trader became a victim of a scam, which resulted in him losing $650,000 (roughly Rs 5 crore) worth of cryptocurrency and Non-fungible Tokens (NFTs). The incident was shared by the trader on Twitter. Domenic Iacovone got his entire crypto wallet stripped off by scammers. Domenic had stored his digital assets on a cryptocurrency wallet called MetaMask. Explaining the incident, he shared a tweet on April 15. Apparently, Domenic received a phone call that led to this incident.

The crypto trader was receiving multiple messages asking him to reset his Apple ID and password. Brushing them off as scam attempts, Domenic did not pay heed. Following this, he received a call from Apple Inc. The call was received on iPhone and the number was associated with Apple, which made him believe that the call was genuine.

In the tweet, Domenic wrote, “Got a phone call from Apple, literally from Apple (on my caller ID). Called it back because I suspected fraud and it was an apple number so I believed them. The person, on the phone, told Domenic that his account was compromised and that they require the OTP (One-time password) to ensure the genuineness of his credentials. As soon as he gave them the OTP, his account was wiped off of all digital assets that he had stored on MetaMask.

Hey y’all, let’s see how amazing this community can be. My entire wallet was just stolen. Totally wiped out, MAYC 28478, MAYC 8952, MAYC 7536 Gutter cat 2280 , 2769, 2325

Also stole 100k in ape coin.

Looking for all the help I can get. 100kreward @BoredApeYC @GutterCatGang — Domenic Iacovone (@revive_dom) April 14, 2022

This is how it happened, Got a phone call from apple, literally from apple (on my caller Id) Called it back because I suspected fraud and it was an apple number. So I believed them

They asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wiped — Domenic Iacovone (@revive_dom) April 14, 2022

A crypto security advisor, with an account named Serpent on Twitter, took cognizance of the matter and shared additional details about the incident, including the screenshots of Domenic’s phone.

1/ On April 15th, @revive_dom received multiple text messages asking to reset his Apple ID password and at 6:32 PM he received a call from "Apple Inc." which was a spoofed caller ID. They claimed that there was suspicious activity on his Apple ID and they asked for a one-time pic.twitter.com/fc8lSntgyP — Serpent (@Serpent) April 17, 2022

2/ verification code to prove the owner of the Apple ID account. After giving the 6 digit verification code, the scammers hung up and his MetaMask wallet was wiped, with over $650,000 stolen. How did they access his MetaMask wallet? Let's look into what happened 👇 pic.twitter.com/NMm6wkUMbM — Serpent (@Serpent) April 17, 2022

As per Serpent, there is a seed phrase, a 12-digit number, which must not be shared with anyone. This seed phrase is the only way to access a crypto wallet. MetaMask apparently stores this seed phrase file on iCloud which could have been how the scammers got access to Domenic’s wallet. After that, all they needed was an OTP sent on his phone.

MetaMask, although did not comment on the incident, shared a tweet warning the users about a possible phishing scam.

🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3 — MetaMask 🦊💙 (@MetaMask) April 17, 2022

Before the incident, the crypto wallet service had not revealed that they store the seed phrase file on iCloud, reports claim.

