Metamask Warns Apple Users About Icloud Phishing Attacks

Metamask Warns Apple Users About Icloud Phishing Attacks

Metamask Warns Apple Users About Icloud Phishing Attacks

Crypto wallet provider MetaMask, owned by ConsenSys, has sent out a warning to the community about Apple iCloud phishing attacks.

The security issue for iPhone, Mac, and iPad users stems from default device settings that see the user’s seed passphrase or “password-encrypted MetaMask storage” stored in iCloud if the user has enabled automatic backup of their app data. In a Twitter thread posted April 18, MetaMask noted that users risk losing their funds if their Apple password is “not strong enough” and an attacker could phish the credentials. To fix the issue, users can disable iCloud Auto Backup for MetaMask as detailed below:

“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask storage. If your password is not strong enough and someone steals your iCloud credentials, it could mean loss of funds.”

– MetaMask (@MetaMask) April 17, 2022

The warning from MetaMask comes in response to reports from an NFT collector who stated on April 15 that an entire wallet containing $650,000 worth of digital assets and NFTs has been wiped with this particular security issue. Earlier today, the founder of the DAPE NFT project Snake, who also helped get MetaMask’s attention, shared a story with his 277,000 followers about what happened to the victim.

They noted that the victim received several text messages asking them to reset their Apple ID password, along with an alleged call from Apple that ended up being a fake ID. As they reportedly didn’t suspect anything, “revive_dom” handed over a six-digit verification code to prove he was the owner of the Apple account. The scammers subsequently gained access to his MetaMask account through data stored in iCloud.

Key takeaways:

  • ALWAYS use a cold wallet to store your valuables
  • Never give out verification codes to ANYONE
  • Protect your information, don’t give out your phone number or personal email address
  • Companies like Apple will never call you
  • Snake (@Serpent) April 17, 2022

While much of the community’s response has been supportive, others have been quick to highlight the importance of using cold storage and doing due diligence when storing assets in a hot wallet.

Share this post

Leave a Reply

Your email address will not be published.