How I got hacked, lost crypto and what it says about Apple’s security. Part 1

Attack Timeline

The events took place on Sunday morning, October 4th, 2020. Between 9am and 11am, GMT+8. I was not home, far away from my two MacBooks. They were in hibernate mode, locked, lids closed, at home. The night before, I finished setting up my brand new MacBook Pro (2020).

pmset -g log | grep -e “ Sleep “ -e “ Wake “

Takeaways and mistakes to avoid:

  • if you are storing private keys or mnemonics in your Apple Notes or iCloud — they are up for grabs. Even if you have 2FA. Even if your Notes are password protected. Use a hardware wallet for everything, no matter how much crypto you hodl.
  • Do set up Telegram 2FA password now. If your Telegram gets hacked and you don’t have a password set — hackers will set it for you. And the only way to reset it would be to reset your whole account.
  • Make sure you don’t have any password reuse. Not even partial. Have unique passwords for every new service you sign up for. Store them in a password manager. Don’t store your main email in the password manager. Remember some main master passwords and don’t reuse them either.
  • Do not save passwords in your Chrome. Or, if you do, make sure your Google account has multiple levels of 2FA. SMS is not one of them.
  • iCloud has limited security options. Consider using Google Voice number as your trusted 2FA.
  • When you leave your laptop unattended, or close it for the night, make sure to turn WiFi off. Or, better, shut it down completely. Closing the lid and putting it in the hibernate mode is not enough. Your laptop can wake up at any time, even when the lid is close and remote code can be executed.


Part 2

In Part 2 I’ll write about incident response, forensics, chain analysis, and hopefully an identification of the attacker. I’ve reached out to a few friends from cyber sec and blockchain space to help me out and piece together the puzzle. If you’d like to participate, help analyse the attack and (hopefully) identify the attacker please contact me on Twitter ( and jump in to our Google Doc.


James Pavur, Daniel Aaron, Tushar Singal, Sebastien Couture, Hitesh Suresh , Tim and Dan from Mana Security — thank you guys for providing feedback and helping bring more clarity to this incident!

Additional Screens:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Raman Shalupau

Raman Shalupau - #1 job board to find and post web3, blockchain & cryptocurrency jobs.