Metamask warned Apple users over iCloud phishing attacks and the company warned that if the users enabled automatic backups of the wallet data, their seed phrase is being stored online so let’s read more today in our latest cryptocurrency news today.
Consensys-owned crypto wallet provider MetaMask warned Apple users over iCloud phishing attacks and the security issue for iPhone, iPad, and Mac users are related to the default device settings which sees a user’s seed phrase of the password-encrypted wallet vault stored on the iCloud if the user enabled automatic backups for the app data.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
In the Twitter thread posted recently, MetaMask noted that the users run the risk of losing funds if the Apple password is not strong enough and the attacker is able to phish the account credentials. To fix the issue, the users can disable automatic iCloud backups for the MetaMask as detailed. The warning from MetaMask came in response to the reprots from the NFT collector that goes by “revive_dom” on Twitter that stated on April 15 that the entire wallet containing $650,000 worth of the digital assets whcih was wiped via the specific security issue.
In the separate thread today, DAPE NFT project founder “Serpent” also helped gain the attention of the wallet via posting sharing the story with the 277,000 followers gave a rundown of what exactly happened to the victim. They noted that the victim recieved multiple text messages which asked the reset his Apple ID password along with the call from Apple that was ultimately a spoofed called IF. As they were unsuspecting of the caller, “revive_dom” handed in a six-digit verification code that can provide that they were the owner of the apple account, and the scammers hung up and accessed the MetaMask account the stored on iCloud.
After MetaMask posted the warning, the “revive_dom” expressed more frustrations with the company saying:
“I’m not saying they shouldn’t do it but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90% of the people knew this I would bet none of them would have the app or iCloud on.”
5) The scammer will have access to the victim's iCloud account, giving them free access to everything, including all the data MetaMask stores on iCloud
Total stolen:
132.86 ETH ($402,988 USD)
252,400 USDT
—————–
$655,388— Serpent (@Serpent) April 17, 2022
Most of the community response was supportive, others were fast to outline the importance of using cold storage and doing a lot more than due diligence when storing the asset in a hot wallet.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post