Apple Inc users who have enabled an iCloud backup for app data could be at the risk of losing cryptocurrency stored in their MetaMask wallet.
What Happened: In a Twitter update on Sunday, MetaMask warned users that they may be susceptible to phishing attacks if their Apple ID password “isn’t strong enough.”
You can disable iCloud backups for MetaMask specifically by turning off the toggle here:
Settings > Profile > iCloud > Manage Storage > Backups.
2/3— MetaMask (@MetaMask) April 17, 2022
MetaMask’s announcement comes after a user by the name of Domenic Iacovone reported as much as $650,000 stolen from his MetaMask wallet as a result of a phishing scam.
This is how it happened, Got a phone call from apple, literally from apple (on my caller Id) Called it back because I suspected fraud and it was an apple number. So I believed them
They asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wiped— Domenic Iacovone (@revive_dom) April 14, 2022
According to a run-down of the events by DAPE NFT Founder “Serpent,” the scammers were able to access Iacovone’s MetaMask wallet because his seed phrase had been automatically saved on his iCloud storage without his knowledge.
3/ MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim’s MetaMask.
— Serpent (@Serpent) April 17, 2022
The scammers used a spoofed caller ID marked as Apple to convince the user a share a code sent to his device, claiming suspicious activity linked to his account.
After he shared the code, the scammers used it to reset his Apple password and enter his iCloud account, where they were able to access all data stored, including the one stored by MetaMask.
The scammers stole 132.86 Ethereum worth $402,988 and $252,400 in Tether.
By Samyuktha Sriram
The Epoch Times Copyright © 2022 The views and opinions expressed are only those of the authors. They are meant for general informational purposes only and should not be construed or interpreted as a recommendation or solicitation. The Epoch Times does not provide investment, tax, legal, financial planning, estate planning, or any other personal finance advice. The Epoch Times holds no liability for the accuracy or timeliness of the information provided.
