The firm is warning that If an Apple user enables automatic iCloud backups of their MetaMask wallet data, their seed phrase can be online stored.
ConsenSys-owned crypto wallet provider MetaMask has sent out a warning to the community regarding Apple iCloud phishing attacks.
The security issue for iPhone, Mac, and iPad users is related to default device settings. This sees a user’s seed phrase or “password-encrypted MetaMask vault”. Further, this vault is on the iCloud if the user has enabled automatic backups for their app data.
In a Twitter thread posted on April 18, MetaMask noted that users run the risk of losing their funds if their Apple password “isn’t strong enough”. Basically, an attacker is able to phish their account credentials.
To fix the issue, users can disable automatic iCloud backups for MetaMask as detailed
Read More Stories: CEO of Apple Inc is a Crypto Holder, Meta Desires 50% of NFT sales, Coke’s Metaverse Flavor and More in Nifty News Session
Response to the Metamask Warning
The warning from MetaMask came in response to reports from an NFT collector who goes by “revive_dom” on Twitter. They stated on April 15 that their entire wallet containing $650,000 worth of digital assets and NFTs were wiped via this specific security issue.
In a separate thread earlier today, DAPE NFT project founder “Serpent”. This Serpent also helped gain the attention of MetaMask via posting and sharing the story with their 277,000 followers. They are giving a rundown of what happened to the victim.
They noted that the victim received multiple text messages asking to reset his Apple ID password along with a supposed call from Apple which was ultimately a spoofed caller ID.
As they were reportedly unsuspecting of the caller, “revive_dom” handed over a six-digit verification code to prove that they were the owner of the Apple account. The scammers subsequently hung up and accessed his MetaMask account via data stored on iCloud.
After MetaMask posted the warning today, “revive_dom” expressed his frustrations with the company, noting that:
“I’m not saying they shouldn’t do it but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90% of the people knew this I would bet none of them would have the app or iCloud on.”
While most of the community response was supportive, others were quick to emphasize the importance of using cold storage.
Checkout: NFT-related applications, Mastercard files for Fifteen metaverses, DBS Eyeing for the Metaverse- Is Meta Banking in Boom?
