MetaMask Issues Warning About Phishing Attacks Via iCloud After a User Lost USD 650K


Popular software crypto wallet MetaMask has issued a warning about possible phishing attacks through Apple’s cloud service iCloud. The warning comes after scammers managed to steal USD 650,000 worth of crypto using this attack vector.

The company detailed that MetaMask vaults, which hold users' seed phrases encrypted with their password, are uploaded to iCloud if the backup option is enabled. This would enable scammers to obtain the vault, and with it the seed phrase if the password is weak, as soon as they compromise a user's iCloud account.

"If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault," MetaMask said. "If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds."

MetaMask also provided users with a guide on how to disable iCloud backups for MetaMask.

The warning comes after scammers used this attack vector to drain funds from a user's MetaMask wallet. The user, who goes by Domenic Iacovone on Twitter, says he received a call from "Apple."

The user got multiple text messages asking him to reset his Apple ID password on April 15, according to Serpent, founder of Sentinel, a Discord and crypto threat mitigation system.

The messages came from a spoofed caller ID trying to impersonate "Apple Inc." They said there was suspicious activity on the victim's Apple ID and asked for a one-time verification code to prove that he was the owner of the Apple ID account.

"After giving the 6 digit verification code, the scammers hung up and his MetaMask wallet was wiped, with over [USD] 650,000 stolen," Serpent said, adding that this was possible because the user's seed phrase was saved on their iCloud.

In total, the user lost ETH 132.86 (USD 387,500) and USDT 252,400, currently worth some USD 639,900. Notably, the stolen funds were worth north of USD 655,000 on the day of the incident when ETH was trading much higher.

Meanwhile, in a recent Twitter thread, Taylor Monahan, founder and CEO at MyCrypto, an Ethereum wallet manager, noted the countless ways that a MetaMask wallet user can lose their secret recovery phrase and "get rekt."

She detailed that sharing the secret recovery phrase on websites, in chat boxes, or over email, sharing one's computer screen, clicking on malicious links, and having iCloud backup enabled, among others, could all lead to bad actors gaining access to users' funds.

Meanwhile, some users blamed MetaMask for storing the seed phrase on iCloud, asking for a quick fix.

"The fact that Metamask stores your phrase on iCloud is a major security risk especially when it comes to social engineering and how large the industry is," one Twitter user said. "Metamask needs to disable that feature or make it tougher for malicious actors."
