NEW PHISHING SCAM Already $650,000 stolen from a single individual and it`s going to happen to a lot more people. This is how it happened
People brag about how much they have and show screen shots of their wallets. Why do you store that much in a hot wallet all that money and can`t buy a cold wallet? Well well and if you are in crypto you should never give your 2FA to anyone come on!!
>keeping 650k on yr phone Sigh
if you use or promote eth scm, you deserve to lose everything. the world is a better place every time this happens to one of you animals. thank you, whoever did this. you`re the good guy in this scenario.
Can this happen on Android? Does is auto backup on Google Drive
Since the new MacBook M1 you can download mmask and use it as an iPad app on the computer. The guy got everything sync so the scammer has just to clic the sync button. He dont even have to know the seed phrase, just sync. Its like changing phone and get all app set up. Hate to see this kinda stuff, such a dangerous space if your not careful. Always take the time to read stuff like this and continue to be better. Over 650k.. crazy
Will ever people understand not to backup anything online
can we discuss about this in the next idk what we did the other day the chill chat on PP
they did amazing job . hats to them.
Sir, is our seed phrases also stored in our mobile cloud?
I still don`t understand how and why anyone on phone gives others one-time code.
Saves seed on iCloud???
it is necessary for someone to track this wallet and prevent the sale of these tokens... and arrest these thieves...yes!
$650,000 in single wallet we definitely need to separte them. risk mgmt..
But MetaMask also has its login password. How did the hacker gain access to that
I have alao got scammed through fake telegram. A scammer is invited me into fake titano channel and offered the high yield staking deal. After staking all my token, boom....they are gone
My money on metamask goes directly under my pillow
Oh come on!! Please let`s be careful out there guys. If it sounds or looks out of the ordinary, it`s dangerous!! So sorry
Whenever an nft bro gets scammed an angel gets it`s wings
Scammers playing good cop bad cop nowadays?
I mean MS literally ask for 2FA codes on the phone, so if they are doing it a lot of people are probably gonna fall for this.
Thats why u set up anti phishing code with your emails
is also bad - no customer service and cant tell his good or whonis the scammer.
Appreciate the thread mucho!
So if we have a hardware wallet do we need to be concerned about this iCloud thing?
icloud phishing scam story RT pls How scammers got email and phone from victim? Suspicious
read this thread
wallet with 650k in the phone for what? who goes out with such money in the pocket? I`m sorry for poor guy but HW wallet is made to prevent your crypto. Anyway thanks for sharing with comunity
check this out
How they do it? Anyway check at this! What do you think about it? So I have to disable ENTIRE backup bc one app fuked up?
I dont wanna laugh but do you really think apple would try to call you?
I am still impressed people fall for these. Hang up and call back or go online.
I use a hardware wallet but still dont like activity pushed to cloud by Apple . How can we stop this ok mobile and Mac?
This is why I bought a cold wallet and put all my crypto on it, 100% worth it
That`s like sending someone your seed phrase, don`t understand how some people are so internet savvy that they can make exorbitant amount of money on JPG`s and crypto but can`t critically assess scams that are sent their way. RIP to this dude though, no one deserves this
How do these people have so much money in crypto and still don`t use a hardware wallet? Keep your damn seed phrase offline at all times! Stop using hot wallets for hundreds of thousands of dollars.
How stupid do you have to be to fall for this type of sht? And why do you have 650k on a hot wallet for anyways?
People really need to spend 30 mins on YouTube looking up basic web2 security. Most "hacks" are just phishing.
Wow.. so stores you private keys on iCloud ? That`s the dumbest thing I ever heard
Always go full Android.
Jokes on them I never answer my phone
This is why I have 800 wallets with 10 dollars lol good luck
Thank you as always for the write up.
unroll
but they left his is his wallet
Did they have their metamask on iphone?
Thanks all inc - just turned off future backups and deleted existing backup.
Metamask involved, shocking
Is this only metamask on iPhone or can it happen with a MacBook too?
Im sure hell be fine since the bank is on the hook for the breach & losses
I see a here. The mentioned website address is and not
Someone really believed that Apple, the biggest company in the world, would telephone call a user about someone trying to log in the account? The brains of most crypto people is so far below the average person, and the average person is absolutely stupid. Hard lesson to learn.
This can never happen on ElrondNetwork Im so happy I can sleep without any problem every night!
Why does every scam involve ETH.. ETH scamcoin ETHGate
Why r u keeping 650k on metamask? Why r u giving your 2fa code to some random person on the phone? Smh
Its easy to ridicule someone who falls for a scam like this but they get the victims for whom the call comes at the worst moment, like when theyre about to leave for the airport to catch a plane so theyre already distracted.
lol if i got a call from "apple inc" all i would be thinking is "damn these scammers are getting creative" and block the number
lol I cannot believe this would happened
is this possible please weigh in. On It is hard to believe in this day and age people still fall for these scams. If I don`t call you, I`m NOT giving you anything, simple! This was too easy to be honest. Don`t make it easy for these bloody vampires!
Heres MetaMasks response to my thread, breaking down how the iCloud backup works. We all know how annoying it is constantly being asked to back up your phone or iCloud auto backing up itself, so they also provided a guide on how to turn it off
Check this
Leave about metamask`s tech issue . First how did the scammer know the victim has ETH or NFT in their mobile device and victim`s ph no. We should be more careful in sharing our personal info
All comes down to critical thinking which seems to be absent from most people
Step 4) must ring a bell to the victim... that`s why security awareness is crucial !!!
I find it hard to understand that anyone with over $1000 in a wallet does not have a Cold Hardware wallet? saddened by the loss for this person but high 6 figures on a hot wallet is crazyness
ledger is a must
Metamask ask you if you want to save your seed file in the cloud. It`s optional
how does apple store your seedphrase if you never asked for it to be saved ? through icloud backup?
Why would you believe that apple is calling cuz their concerned about your account...26x. You`d see something on Twitter or most likely an email if there was some breach. Even then I`m never clicking any links or I might not even believe the email until convinced.
2FA is there for a reasonwhy would you give your 2FA to somebody over the phone.
The attackers also needed access to the mailbox associated with the iCloud account or the creds for the iCloud (but no mfa token)? Do you know which they had here? It would be good to gauge attackers supply chain
And now people are twisting it as somehow being metamasks fault when they just give out 2FA information on a phone call?
Thinking logically though, Apple has hundreds of millions of devices globally.. like they would have any staff ringing up people about this
Its honestly really hard to feel sorry for anyone who gives out that info on a phone
Dont even have meta mask on your cell. You realistically should have your meta mask on a separate computer used exclusivity for that.
unroll
650K on Metamask? hes living in a whole other metaverse
MetMask cant automatically save anything on your iCloud.
Absolutely mind boggling as to why a seed phrase thats encrypted would ever neee to be able to be accessed on multiple devices with your login. Or at all?? Why would I want my seed phrase on any kind of digital document ?? STUPID!
Aaaaah man. This is crazy.
Any similar problems for Android or Windows users?
Great information! Practice good OPSEC and if you dont have a cold wallet look up sim swapping, itll motivate you to get one :). Hackers can literally steal your phone number then use it to bypass your 2FA. Google he lost ~20m.
unroll
Ffs space is full of scamming twats
Where is a good place to learn about a cold wallet and how to set that up?
Because these reasons(between others) I migrate my crypto funds from Metamask to Got one of these calls recently. Always hang up and call the company yourself and at the very least never give out 2FA codes to anyone.
Apple will in fact call you. When we registered for an organizational developer account (eg they want your DUNS number) they called me on my cell to verify some info. More to the point why do people think these large firms care enough about normal customers to call them?
unroll
This is misleading. MM does not store your secret phrase to iCloud. Users who`ve enabled "App Data Backups" on iCloud will have the (encrypted) data for ALL apps (including ANY wallet) backed up to icloud. It is an iOS issue. Instructions to disable: unroll
Assuming: -iCloud backed up local storage containing key. -Attacker had iCloud password and just needed 2FA. -Once in, grabbed the stored backup data. -Decrypted the key out of it easily due to a reused (or similar / easily found) password. Accurate?
If am not using icloud then they save where
Not to mention that if they used Apples password log theyre screwed elsewhere as well.
same thing they wanted to do me here, figured they wanted me to call and dispute the charges on my fake account lmao I flagged the email and moved it to spam. This is why I only use metamask for transactions if I have too the whole application sucks lol
imagine having an ego inflated enough to think Apple would call you . Dude got humbled
I feel like a step is missing, the 2fa is the only thing needed to set a new apple password? Or they already had an email password compromised too?
