(Hong Kong, 3 May 2022) Recently, cryptocurrency worth about US$650,000 (HK$5.1 million) was stolen from a MetaMask crypto wallet user overseas in a data backup scam. The hacker pretended to be an Apple employee and called the victim, offering to help him reset his Apple ID password, and lured the victim into providing the two-factor authentication (2FA) token. He then used the stolen credentials to access the victim’s iCloud and obtained the MetaMask recovery seed phrase from the backup.
This type of phishing is called vishing. Usually, the hacker first gathers information about the victim, and then calls the victim while pretending to be a staff member of a legitimate organisation. Using sophisticated tactics, the hacker aims to lure victims into providing sensitive information. In this incident, the points everyone should pay attention to include:
Do not provide any authentication information to strangers, including passwords, 2FA tokens, one-time passwords (OTP), answers to security questions, etc.
Check what kind of data will be backed up to the cloud. If you prefer not to back up certain data, you can turn off the backup option for it on the phone.
Understand the characteristics and security risks of hot and cold wallets, choose a suitable wallet, or distribute crypto assets across different types of wallets.
For a comparison of hot wallets and cold wallets, you can refer to the following URL:
For information security-related incidents, for example ransomware, phishing, denial-of-service attacks, etc., please report to HKCERT through its online Incident Report Form at https://www.hkcert.org/incident-reporting. For other information security-related questions, please contact HKCERT by email: firstname.lastname@example.org or call its 24-hour hotline: 8105 6060.