• Home
  • News
  • Apple Users Warned By MetaMask Over Potential Phishing Attacks Via iCloud

NEWS

Apple Users Warned By MetaMask Over Potential Phishing Attacks Via iCloud

Posted on April 19, 2022 by

Apple users are being warned by cryptocurrency wallet MetaMask over some security vulnerabilities involving iCloud backups.

The warning is said to be against potential phishing attacks for all iPhone, iPad, and Mac users. It involves certain default device settings which store MetaMask users’ seed phrase onto iCloud, whenever anyone enables automatic backups for app data. The seed phrase is also called a “password-encrypted MetaMask vault.”

The warning is said to be against potential phishing attacks for all iPhone, iPad, and Mac users. It involves certain default device settings which store MetaMask users’ seed phrase onto iCloud, whenever anyone enables automatic backups for app data. The seed phrase is also called a “password-encrypted MetaMask vault.”

The MetaMask vault being stored in Apple users’ iCloud credentials can lead to “stolen funds,” which is why they taught people how to disable their iCloud backups to avoid phishing attacks. If you’re a MetaMask user, here’s what you need to do:

Go to Settings > Profile > iCloud > Manage Storage > Backups, then turn off the toggle.
To ensure that iCloud will not “surprise” you with backups you didn’t allow, go to Settings > Apple ID/iCloud > iCloud Backup and turn it off.

How Did The Phishing Attack Go?

The MetaMask user, who posted that he’s giving a 100k reward to anyone who gets (or helps get) his digital assets back, also tweeted how everything went down.

According to him, he got a phone call from Apple on his caller ID which looked quite legitimate. Suspecting a scam, he called the aforementioned Apple number back and somebody answered, asking for a code that was sent to his phone. It is assumed that he told them the code, and his entire MetaMask was wiped “2 seconds later.” It is safe to assume that the caller who answered sounded real enough, which fooled the user in spades.

It is very likely that the malicious code sent to his phone in the guise of something like an OTP (one-time password) was the one that led to his assets being stolen. That is one of the hallmarks of phishing-tricking you into doing something you never intended.

In total, the user lost 132.86 ETH from his wallet (over $400k at the time of the theft) and 252,400 USDT for a total loss of $655,388.

In the aftermath of the theft and the discovery of the security flaw, many MetaMask users have emphasized the importance of using cold storage for all your digital assets. Aside from that, they also preached that people be extra careful when storing what they own inside a hot wallet.

Original Post: Apple Users Warned By MetaMask Over Potential Phishing Attacks Via iCloud