MetaMask warns Apple users in the wake of a $650K iCloud phishing scam.
MetaMask: Apple wallet holders at risk
MetaMask has issued a warning to its users making use of Apple devices like the iPhone, iPad, and Mac to disable iCloud backups to prevent phishing attacks. MetaMask made this known in a recent tweet where the company shared that encrypted passwords for users’ crypto accounts, known as MetaMask vaults, are automatically uploaded to Apple’s cloud service if the iCloud backup option is enabled on the app.
It also warned that users who use these apple devices risk losing funds in their wallets if their passwords aren’t strong enough. This is so because a breach of a user’s iCloud account could give access to their passwords and any linked crypto wallets.
The theft is happening barely weeks after MetaMask expanded into the Apple ecosystem, and this expansion enables users to procure digital assets with apple pay making it possible to purchase cryptocurrencies with debit or credit cards without sending ETH to the app in advance.
iCloud Phishing Attacks: Who are they attacking?
The tweet from MetaMask advising its Apple users to beware of iCloud phishing attacks came after a Twitter user Domenic Iacovone shared details of how hackers wiped out his MetaMask wallet funds. The breach, Domenic Iacovone revealed, began with a phone call from “Apple” asking for a code sent to his phone. He obliged the request, and some seconds later, the hackers emptied his MetaMask wallet.
According to Domenic, his MetaMask wallet contained NFTs from the famous Mutant Ape Yacht Club (MAYC) collection, $100,000 in ApeCoin, and other NFTs, estimated to be $650,000. However, he has offered a $100,000 reward for whoever can help recover the stolen funds. Another Twitter, however, revealed that the hacker had sold off the NFTs.
Speaking on the event, Serpent, founder of Dape NFT, explained details of the hack in a tweet, saying, “MetaMask actually saves your seed phrase file on your iCloud.
The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID and access iCloud, which gave them access to the victim’s MetaMask.”
An unfortunate rise in Crypto theft
This recent announcement adds to a list of cryptocurrency hacks this year, and last month, the Ronin network, MetaMask’s competitor, suffered a $600 million cryptocurrency hack. This rise in crypto theft has led to an estimated $1.3 billion loss, thus bringing the security of cryptocurrency platforms into question.
MetaMask is one of the most popular wallets for storing Ethereum and other cryptocurrencies, with over 30 million active monthly users. It means that its users must know every possible risk they could be exposed to from using the wallet and how to guard against it. Following the iCloud phishing attack, it released a guideline on how Apple users can prevent these phishing attacks.