How to protect your funds from phishing scams?

A coin, for example, has two sides: head and tail. Every technological innovation has two faces: developers and hackers. While developers work hard to modernize and develop systems, hackers work hard to extract as much revenue as possible from the system. No code is perfect, and it is a hacker’s art to find the weakest link.

Few of the major DeFi hacks and the amount stolen are:

1. Poly Network Hack: $611 Million
2. Ronin Hack: $552 Million
3. Wormhole’s token bridge Hack : $326 million.
4. Beanstalk Hack: $181 million.
5. Compound Hack: $150 Million
6. Vulcan Forged: $140 Million

However, phishing scams on individual accounts are common in the industry.

A hacker stole $650,000 from an individual account on April 15th. The account’s owner received many text messages asking him to reset his Apple ID password, and then he received a call from Apple Inc, which was a faked caller asking him to prove his identity. The owner was asked to disclose his two-factor authentication code, which he surprisingly did. After then, the fraudster hung up, and his MetaMask wallet was drained, with nearly $650,000 stolen.

How did the scammer got access to his MetaMask wallet?

Your seed phrase file is actually saved on your iCloud by MetaMask. The scammers asked for the victim’s Apple ID password to be reset. They were able to gain control of the Apple ID and access iCloud after receiving the 2FA code, which provided them access to the victim’s MetaMask.

MetaMask then clarified that if you enable iCloud backup for app data, your password-protected MetaMask vault would be included. If your password isn’t strong enough and someone steals your iCloud credentials, this can result in money being stolen.

How to disable iCloud backups for MetaMask?

Settings > Profile > iCloud > Manage Storage > Backups.

How to avoid iCloud unrequested backups?

You can turn off this feature at: Settings > Apple ID/iCloud > iCloud > iCloud Backup.

What should we keep in mind after reading about the above scam?

1. Apple, Google, Microsoft, or any other corporation will NEVER call you and ask for your personal information such as an OTP, 2FA code, phone number, and so on. Companies always alert you through email if there is any questionable activity in your account. Also, double-check the email address. Scammers can spoof both phone calls and mail id.
2. Never share your OTP, Seed phrase and 2FA code with ANYONE.
3. Store your Seed Phrase with as much protection as you would store your precious diamond. Because SEED PHRASE is the key to your crypto vault.
4. Always protect your personal information. Refrain from posting your personal details anywhere on social media.
5. Last but not the least, ALWAYS use a cold or Hardware wallet to store your immense amount of digital valuables.

What is a Cold wallet?

Many cryptocurrencies are stored in digital wallets via exchanges, which are referred to as hot wallets because they are online and connected to the Internet. To address the shortcomings of such wallets, cold wallets were developed, which serve as offline backups in the form of hardware that is not linked to the Internet. Software-based hot wallets include MetaMask and Trust Wallet, whereas hardware-based cold wallets include Trezor and Ledger.

Best practices:

1. Don’t keep your money on exchanges or in hot wallets for any longer than necessary.
2. Use hot wallets for modest amounts of digital currency that you intend to store for a short length of time. Keep your hot wallet for micropayments or trading only.
3. Use cold wallets for huge sums of money that you don’t intend to spend for a long time. Always utilize PIN or password-protected hardware wallets.
4. Setting up multi-signature, multi-party, or multi-factor wallets is always a good option.