How I got hacked, lost crypto and what it says about Apple’s security. Part 1

Attack Timeline

0xc7a93685f6ae28d29d4a6e974a9c774f8ebbc904
0x8C46335777867367e279350eEDacdA5463de9029
0x60c4082d976f245fc3c2ff52814cea5858a89423f7f81046da45809a5d0f37a1
0x31ab912f984a803ffd4e79340e050a31254535f07050242eb72dd360fce4a851
0xedff4cc789d7a53133a4451680f1e73321c52b5da1725432a4288ac4e418c356
0x929226416c83da6a4a2962368803c392b2d05b701aad419269b032e1a125c411
0x542e3f237013bd7e81b5b90fffc5c83aa46824a38e9fd535a533d5f00dddfaef
0x4a370b66e5ea3577dfe9fce2230fefda0d27de1cf913d9215953a534352652ae
pmset -g log | grep -e “ Sleep “ -e “ Wake “

Takeaways and mistakes to avoid:

  • if you are storing private keys or mnemonics in your Apple Notes or iCloud — they are up for grabs. Even if you have 2FA. Even if your Notes are password protected. Use a hardware wallet for everything, no matter how much crypto you hodl.
  • Do set up Telegram 2FA password now. If your Telegram gets hacked and you don’t have a password set — hackers will set it for you. And the only way to reset it would be to reset your whole account.
  • Make sure you don’t have any password reuse. Not even partial. Have unique passwords for every new service you sign up for. Store them in a password manager. Don’t store your main email in the password manager. Remember some main master passwords and don’t reuse them either.
  • Do not save passwords in your Chrome. Or, if you do, make sure your Google account has multiple levels of 2FA. SMS is not one of them.
  • iCloud has limited security options. Consider using Google Voice number as your trusted 2FA.
  • When you leave your laptop unattended, or close it for the night, make sure to turn WiFi off. Or, better, shut it down completely. Closing the lid and putting it in the hibernate mode is not enough. Your laptop can wake up at any time, even when the lid is close and remote code can be executed.

Resources

Part 2

Credits

Additional Screens:

--

--

--

CryptoJobsList.com - #1 job board to find and post web3, blockchain & cryptocurrency jobs.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Pure Beats minimalistic and elegant drum machine Hack Free Resources Generator

Socean Staking Video — Tutorial

Arsenal: Bypass EDR’s/XDR’s and make malware analysis harder

Cybersecurity and Safe Driverless Vehicles

Campaign for AFI Club Program

The Shifting Debate around Security Metrics

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security

https://famousdunya.com/differences-of-adware-spyware-and-anti-infection/

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Raman Shalupau

Raman Shalupau

CryptoJobsList.com - #1 job board to find and post web3, blockchain & cryptocurrency jobs.

More from Medium

How Can Jalen Hurts Prove Himself in 2022?

Weekly newsletter on Cybersecurity — Issue #6

5 Ways to Increase Your Online Security

How the Streak Ended?