Crypto wallet MetaMask is warning its community of users about possible phishing attacks through Apple’s iCloud service. In a tweet on April 17, the company warned its users that the encrypted passwords for their accounts, called MetaMask vaults, will be uploaded to Apple’s cloud service if the iCloud backup option is enabled on the app. As a result, a phishing attack that compromises a user’s iCloud account will also compromise their passwords and hence their crypto wallets.
The target received multiple text messages asking him to reset his Apple account, and the attacker then followed up with a call from a spoofed Apple Inc. number, posing as the firm’s support agents investigating suspicious activity on his account.
The victim followed the instructions and gave the fake support agents the six-digit verification code he had received from Apple. Soon, his MetaMask wallet was emptied.
The hackers had already requested one final Apple account password reset and all they needed was the additional verification to access the victim’s iCloud data where the MetaMask seed was backed up. This allowed them to steal $655,388 worth of crypto.
MetaMask has issued a warning to Apple users, so they don’t find themselves at the wrong end of this iCloud phishing hack.
MetaMask detailed how users can turn off the automatic backup function on their Apple devices. In a statement via its Twitter page, the company acknowledged the hack on Sunday evening. It said, “If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.”
The post shows how to do this and will undoubtedly save some people’s crypto funds and NFTs. However, it comes too late for those who have already fallen victim to this iCloud MetaMask phishing scam.
To keep your digital assets safe from such tricky attacks, make sure to exclude MetaMask from iCloud backups via Settings > Profile > iCloud > Manage Storage > Backups.
The two-factor authentication code is a temporary secret that should not be shared with anyone, regardless of how convincing a call, email, or SMS may appear. Official representatives would never ask for it.
Additionally, cryptocurrency users who are not actively trading their assets can keep them safer in a cold wallet instead of the MetaMask hot wallet.
Finally, keeping your investments out of social media and other public channels makes you less of a target, as hackers are keeping an eye out for fresh, high-value victims.