Can your password protect your privacy?

An estimated $650,000-worth of cryptocurrencies and NFTs, gone in an instant. 

Domenic Iacovone received an unusual phone call from Apple on Friday night. He received several messages asking him to reset his Apple ID password, and he suspected it was a scam. But the call came through on his iPhone as Apple Inc., with a number associated with the tech company’s online store. When Iacovone rang back, the person on the other side of the phone told him his account had been compromised, and that they needed the one-time code Apple sent to his iPhone to ensure he was the account's owner. Iacovone gave it to them. Two seconds later, his MetaMask crypto wallet was wiped out. 

The immediate question asked by crypto and NFT traders: How could access to iCloud give a hacker access to someone's crypto wallet? 

​​When you create a wallet, you're given a 12-word seed phrase that's needed to access the wallet on new devices. The first rule of cryptocurrency trading is to protect your seed phrase at all costs. Unless a person has their seed phrase written down in a document stored on iCloud—which Iacovone didn't—it doesn't follow that iCloud access would lead to MetaMask access.

The incident highlights the major downside to decentralized finance, the lack of any central authorities to undo or refund damages. Blockchain transactions can't be reversed, meaning MetaMask, or any other firm, can't refund the lost assets. OpenSea, the biggest marketplace for NFTs, can do little more than mark Iacovone's account as "suspicious" to dissuade others from buying his stolen NFTs. But it was too little too late, as the Mutant Ape stolen from his wallet was quickly sold for $80,000.

Forget passwords

Patrick Paumen doesn't need to use a bank card or his mobile phone to pay. Instead, he simply places his left hand near the contactless card reader, and the payment goes through.

Back in 2019, he had a contactless payment microchip injected under his skin.

"The procedure hurts as much as when someone pinches your skin," shared Paumen.

A microchip was first implanted into a human back in 1998, but it’s only during the past decade that the technology has been available commercially. And when it comes to implantable payment chips, Walletmor, a British-Polish firm, says that it was the first company to offer them for sale.

The technology Walletmor uses is near-field communication or NFC, the contactless payment system in smartphones. Other payment implants are based on radio-frequency identification, the similar technology typically found in physical contactless debit and credit cards.

Walletmor's chip, which weighs less than a gram and is a little bigger than a grain of rice, consists of a tiny microchip and an antenna encased in a biopolymer—a naturally-sourced material, similar to plastic. It also doesn’t require a battery or other power source. The firm says it has now sold more than 500 chips.

Fintech expert Theodora Lau shares, “implanted payment chips are just an extension of the internet of things.” While she revealed that many people are open to the idea, the benefits must be weighed up with the risks, especially when embedded chips carry more of our personal information.

Who needs a chip?

For those who aren’t comfortable getting a device implanted in their hand, Whole Foods shoppers in Austin can now buy their groceries with nothing more than a swipe of the palm. 

The new Amazon One device is connected to a customer’s credit or debit card and can scan their unique palm signature in a second.

“Amazon One is all about making everyday activities, like paying at a store, easier and more convenient for customers,” said Thi Luu, Director of Product Management for Amazon Physical Retail and Technology. Although Amazon One will initially be used for payments only, it’s clear the tech giant has much bigger ambitions for this hardware. 

The palm-reading service has raised privacy concerns among some officials that questioned the company’s biometric data collection practices. 

The bottom line: setting a password or inputting your personal data gives other people access to your private information. What happens with all your data and who has access to it? Can passwords still protect your privacy?