Domenic Iacovone had the unpleasant surprise of having all of his digital assets stolen by a hacker. In total, no less than 650,000 dollars, or around 600,000 euros in cryptocurrencies and NFTs were lost in nature. The hacker exploited a security flaw present in the Metamask application, which stores the wallet recovery phrase in iCloud.
Cryptocurrencies and hacking have always been linked, but the loot is getting more and more impressive. Recently, a hacker stole 560 million euros by attacking the network of a video game. And he is far from the only one. The sums often reach millions, but generally relate to global operations having affected several victims. However, when a single person is targeted, the damage can also be considerable.
This weekend, Domenic Iacovone had the painful experience of it. It all started last Friday, when he received a strange call from Apple. Seeing the number of the company displayed, he asks no more questions and calls back without hesitation. At the other end of the line, an alleged employee of the firm tells him that his account has been hacked. To regain control, he is asked to provide the one-time code sent to his iPhone.
Related: FBI Blames North Korean Hackers For Biggest Cryptocurrency Theft Ever
He loses 600,000 euros in cryptocurrency due to an iCloud breach
Again, Domenic Iacovone does not suspect the scam and transmits the famous. A few seconds later, all of his virtual wallets were emptied. $160,000 in Ether, $100,000 in Ape Coin, $250,000 in Tether, plus his estimated $80,000 NFT Ape Yacht Club, all gone. In total, the amount of damage amounts to 650,000 dollars, or approximately 600,000 euros.
What happened ? According to a cybersecurity expert calling himself Serpent, everything is based on a flaw in the Metamask application. On iPhone, it automatically stores the recovery phrase for its owner’s wallets in iCloud. By gaining access to Domenic Iacovone’s account, the hacker was therefore able to recover the recovery phrase, and therefore gain access to his digital assets.
To avoid being tricked, Serpent advises never to transmit its single-use codes to anyone, nor any other personal information, before recalling that Apple never calls its customers directly. For its part, MetaMask called on its users to go to the settings to disable iCloud backups.
