MetaMask, the crypto wallet provider, has warned its community regarding Apple iCloud phishing attacks. The vulnerability, if taken advantage of, can result in stolen funds which can be a headache for users. The issue is with regards to iCloud backups where MetaMask users’ seed phrase is backed up to the iCloud whenever anyone enables automatic backups for app data.
The seed phrase, in other words, is also called a “password-encrypted MetaMask vault”. The warning basically states that if you turn on automatic iCloud backups of your MetaMask wallet data, your seed phrase is being stored online. The seed phrase is vulnerable to hackers as if a hacker phishes your iCloud credentials, these attackers can then steal your funds.
MetaMask issued the warning on Twitter following an incident where an NFT collector who goes by “revive_dom” on Twitter, had their entire wallet wiped because of this specific security issue. The wallet contained $650,000 worth of digital assets and nonfungible tokens (NFTs).
Per the user, he got a phone call from Apple on his caller ID which looked legitimate. As he Suspected a scam, he called the aforementioned Apple number back and somebody answered asking for a code that was sent to his phone. As the code was given to the scammers, the user’s wallet was wiped 2 seconds later.
So if you are an Apple user and use MetaMask, here’s what you should do:
- Go to Settings > Profile > iCloud > Manage Storage > Backups, then turn off the toggle.
- To ensure that iCloud doesn’t initiate backups you didn’t allow, go to Settings > Apple ID/iCloud > iCloud Backup and turn it off.