Crypto wallet provider Metamask alerts Apple users regarding possible phishing attacks targeting iCloud.
Metamask notified the users via a Twitter thread that if their password isn’t strong enough and someone phishes their iCloud credentials it can mean their funds could be stolen.
The vulnerability affects Apple users since default device settings store a user’s seed phrase or password-encrypted MetaMask vault on the iCloud if the user has allowed automatic backups for their app data.
Users can disable the iCloud backup option by turning off the option in the Settings. Unrequested backups can also be shut down in the Settings by disabling iCloud Backup.
The Twitter thread was posted after a Twitter user revive_dom reported that the whole wallet, worth $650,000 in virtual assets, had been wiped out. The user claims it happened due to this iCloud backup vulnerability.
Another Twitter user Serpent broke down how revive_dom lost his assets. The latter actually received several text messages requesting that he update his Apple ID password, as well as a phone call from Apple with a forged caller ID.
revive_dom gave over a six-digit verification number to validate that they were the owner of the Apple account, despite the fact that they were apparently unaware of the caller.
The scammers then hung up and used data from his iCloud account to gain access to his MetaMask account. The victim lost three MAYC and three Gutter Cat NFTs along with 100k worth Ape tokens.
revive_dom is currently offering a 100k reward if the hacker returns the assets.
When the statement from Metamask came out, the victim expressed how the wallet provider stored user seed phrases without their knowledge.
After this incident, the Crypto Twitter community once again highlighted the importance of cold wallet storage to protect your digital assets, and cautioning to never share your personal information with any third-party.
Ironically just last month Metamask announced a new app update for iOS users on account of which they can purchase ETH and other cryptos directly from the app using ApplePay. Metamask revealed that it does not profit from gas fees when completing an ETH purchase.
