Apple user loses $650,000 in seconds as iCloud hack exposes MetaMask vulnerability

As the market for cryptocurrencies and non-fungible tokens (NFTs) grows larger, it becomes an increasingly attractive target to hackers who devise new and more efficient ways to get their hands on other people’s assets, exploiting major vulnerabilities in platforms.

In one of the most recent hacking incidents, an attacker managed to steal a person’s entire collection of cryptocurrencies and NFTs, worth more than $650,000, from their MetaMask crypto wallet, as reported by CNET on April 18.

A few days before, the victim, Domenic Iavocone, took to Twitter to convey what exactly happened:

According to Iavocone, the stolen assets included $160,000 worth of Ethereum (ETH), a Mutant Ape Yacht Club NFT worth an estimated $80,000, as well as $100,000 in ApeCoin (APE) and $250,000 in Tether (USDT).

Clearly, the hackers deployed a sophisticated phishing technique to gain access to the victim’s iCloud account. However, this did not explain how they gained access to his MetaMask wallet, which requires a 12-word seed phrase to enter. Iavocone didn’t have this seed phrase written down in any document stored on iCloud.

Using iCloud backup to get to the wallet

To provide an explanation, a security expert nicknamed Serpent said that iCloud automatically stores the seed phrase file of the person’s wallet if the MetaMask app is used on an iPhone. In other words, gaining access to someone’s iCloud account will automatically grant access to their seed phrase file in such a case.

According to Gartner's industry estimates in 2021, end-user spending on public cloud services has risen sharply. The figures are striking, with estimated spending of $396 billion in 2021, growing 21.7% to $482 billion in 2022. Gartner also forecasts a significant shift in enterprise IT spending, with public cloud spending exceeding 45% of total spending by 2026, up from less than 17% in 2021. This estimate reflects a growing appreciation of the cloud's benefits in scalability, flexibility and cost optimization.

According to Serpent, “it’s going to happen to a lot more people” and the key to avoiding such unfortunate events is to:

“Always use a cold wallet to store your valuables. Never give out verification codes to anyone. Protect your information, don’t give out your phone number or your personal email. Caller information is easy to spoof. Companies like Apple will never call you.”

It is worth noting that a cold wallet, also called a hardware wallet or cold storage, is a physical device resembling a USB drive that stores an individual’s private keys and cryptocurrency completely offline, away from any attacks exploiting online software.

In the meantime, MetaMask has posted on its Twitter account the instructions on how to disable this backup:

Considered a hot wallet, MetaMask is one of the most popular software cryptocurrency wallets for holding ERC-20 tokens and interacting with decentralized apps (dApps) on the Ethereum and Binance Smart Chain (BSC) networks.

Source: https://finbold.com/apple-user-loses-650000-in-seconds-as-icloud-hack-exposes-metamask-vulnerability/