MetaMask has issued a warning to its users on phishing attacks done through Apple iCloud. A security vulnerability on Apple devices, including iPhones, Mac and iPads, puts MetaMask user funds at risk of theft.
Cryptocurrency wallet users are usually targeted by phishing campaigns. Hackers use phishing campaigns to gain unauthorized access to wallets to steal funds.
MetaMask warns of phishing attacks
MetaMask posted a Twitter thread on April 18 describing how Apple users were at risk of losing their funds if they used weak passwords. The attacker can phish account details if the user has enabled automatic backups for their application data.
“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” the tweet read.
MetaMask added that this issue could be sorted if the user turned off the automatic iCloud backups for MetaMask. “If you want to avoid iCloud surprising you with unregistered backups in the future, you can turn off this feature.”
MetaMask warning comes as a user loses $650,000
The MetaMask warning was in response to a report by an NFT collector going by the name “revive_dom” on Twitter. The user published a tweet on April 15 saying that $650,000 worth of cryptocurrencies and NFTs were stolen after the vulnerability with iCloud backups.
The NFT collector said that he received several text messages urging him to reset his password on Apple ID. He even received a call from someone claiming to be Apple’s support team asking for a six-verification code. The unsuspecting user shared the verification code with the attacker. As soon as the code was shared, the call was disconnected, and the attackers were able to access his MetaMask account using the data backed up on iCloud.
Some community members were supportive of the victim, but some were quick to advise other users against storing valuable digital assets on hot wallets. Cold wallets are generally considered to be more secure.
In response to MetaMask’s warning, revive_dom said, “I’m not saying they shouldn’t do it, but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90% of the people knew this, I would bet none of them would have the app or iCloud on.”
Your capital is at risk.
Read more:
