See More

MetaMask Issues Warnings to iCloud Users After $650K Phishing Attack

2 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • MetaMask has warned that Apple users are at risk of phishing attacks.
  • Falling victim to a phishing attack could mean a loss of funds.
  • Users are advised to protect themselves by disabling backups.
  • promo

MetaMask has issued a warning to users of iPhone, Mac, and iPad devices of a phishing attack strategy after a user reported losing $650,000.

The threat particularly concerns devices that have automatic backups to iCloud, which is often a default setting.

Some users save their seed phrases on iCloud and run the risk of being compromised in the eventuality of an attacker discovering their password. 

“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” reads the warning from MetaMask.

The warning also came with tips on how users can protect themselves from the threat. The easiest method is for users to disable iCloud backups by navigating to settings and making the necessary changes on the backups menu. 

Disable iCloud backups, advises MetaMask

In order to avoid getting caught by surprise, MetaMask recommends that backups should be turned off. 

A Twitter user with the handle “revive_dom” announced that his entire holdings had been stolen, including expensive NFTs and other assets. His losses amounted to around $650,000 according to security expert “Serpent.” The hacker accessed his seed phrase from iCloud.

According to the chronicle of events, revive_dom received text messages asking him to change his Apple ID password. A follow-up call from a spoofed Apple caller ID requested a one-time verification code to prove his ownership of the account. He complied and the scammers used the code to reset his password.

“The scammer will have access to the victim’s iCloud account, giving them free access to everything including all the data MetaMask stores on iCloud,” wrote Serpent. 

He went on to advise the use of cold wallets and to never give out verification codes. “Caller information is easy to spoof. Companies like Apple will never call you.”

Top crypto projects in the US | June 2024



In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Wahid Pessarlay
Wahid loves to write, especially about Crypto and Blockchain. He started his blogging journey in 2017 and turned to crypto in 2019. Wahid is interested in tech, chess and DeFi. He aims to promote decentralization to everyone on the planet.