Conversation

PSA: I was hacked (3k USD + private data). Apple ID 2FA was bypassed. Avoid SMS 2FA. Avoid iCloud. Avoid hot keys. Rotate your passwords. I wrote a detailed post on what, when & how this happened. Investigation is still in progress Stay safe!

ksaitor.medium.com

How I got hacked, lost crypto and what it says about Apple’s security. Part 1

I was hacked. The attacker gained access to several of my accounts (Apple Cloud, Yahoo, Gmail, Telegram), found private keys, mnemonic…

Raman Sha

@ksaitor

Oct 26, 2020

HN discussion: news.ycombinator.com/item?id=248852

Jesse Powell

@jespow

Oct 26, 2020

Do you have Continuity enabled? Seems like a sim clone, ss7 or other form of intercept by an app on your phone or on your computer (if your computer has access to your sms).

Raman Sha

@ksaitor

Oct 26, 2020

Yep. Continuity was enabled. That's one of my top suspects as well. I was miles away from my home WiFi, though. I thought when you are SIM cloned, only one SIM would be receiving the comms from cell towers. No? I was receiving SMS and calls.

Jesse Powell

@jespow

Replying to

@ksaitor

Actually, could even be a telco employee is able to read your plain text sms logs.

6:54 AM · Oct 26, 2020Twitter for iPhone

Replying to

do you have anyone who can help de-anonymize 0x8c46335777867367e279350eedacda5463de9029 ?

etherscan.io

Address 0x8c46335777867367e279350eedacda5463de9029 | Etherscan

The Address 0x8c46335777867367e279350eedacda5463de9029 page allows users to view transactions, balances, token holdings and transfers of ERC-20, ERC-721 and ERC-1155 (NFT) tokens, and analytics.