MetaMask has issued a warning to users of iPhone, Mac, and iPad devices of a phishing attack strategy after a user reported losing $650,000.
The threat particularly concerns devices that have automatic backups to iCloud, which is often a default setting.
Some users save their seed phrases on iCloud and run the risk of being compromised in the eventuality of an attacker discovering their password.
“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” reads the warning from MetaMask.
The warning also came with tips on how users can protect themselves from the threat. The easiest method is for users to disable iCloud backups by navigating to settings and making the necessary changes on the backups menu.
Disable iCloud backups, advises MetaMask
In order to avoid getting caught by surprise, MetaMask recommends that backups should be turned off.
A Twitter user with the handle “revive_dom” announced that his entire holdings had been stolen, including expensive NFTs and other assets. His losses amounted to around $650,000 according to security expert “Serpent.” The hacker accessed his seed phrase from iCloud.
According to the chronicle of events, revive_dom received text messages asking him to change his Apple ID password. A follow-up call from a spoofed Apple caller ID requested a one-time verification code to prove his ownership of the account. He complied and the scammers used the code to reset his password.
“The scammer will have access to the victim’s iCloud account, giving them free access to everything including all the data MetaMask stores on iCloud,” wrote Serpent.
He went on to advise the use of cold wallets and to never give out verification codes. “Caller information is easy to spoof. Companies like Apple will never call you.”
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.