- A Twitter user said that digital assets worth $650,000 were stolen from their MetaMask wallet through this scam.
- MetaMask has noted that those who use iCloud backups could be susceptible to this hack.
- MetaMask’s wallet is amongst the most common crypto wallet services online.
Crypto wallet MetaMask is warning its community of users about possible phishing attacks through
Apple’s iCloud service. In a tweet on April 17, the company warned its users that the encrypted passwords for their accounts, called MetaMask vaults, will be uploaded to Apple’s cloud service if the iCloud backup option is enabled on the app. As a result, a phishing account that compromises a user’s iCloud account will also compromise their passwords and hence their
crypto wallets.
“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” the tweet read, followed by two others that showed users how to disable iCloud backups on their MetaMask wallets.
MetaMask’s warning isn’t a random post from a company looking to brand itself as a security-conscious firm. The Twitter thread was posted after a user, who goes by Domenic Iacovone on Twitter, posted that his entire MetaMask wallet had been “totally wiped out”.
On April 15, the user tweeted that his MetaMask wallet contained non-fungible tokens (NFTs) MAYC 28478, MAYC 8952, and MAYC 7536 from the Mutant Ape Yacht Club (MAYC) 10K project. It also had 100K in Ape coin and other NFTs, the user
said.
“This is how it happened. Got a phone call from Apple, literally from Apple (on my caller Id) Called it back because I suspected fraud and it was an Apple number. So I believed them. They asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wiped,” the user wrote in his thread.
According to “Serpent”, the founder of a project called DAPE
NFT, the contents of the user’s wallet were worth $650,000. He explained the hack in a separate Twitter thread, saying, “MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim's Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim's MetaMask.”
Users under threat
MetaMask’s warning isn’t to be taken lightly either. The company runs one of the largest crypto wallets in the world in terms of the user base. While MetaMask has competitors, like
Ronin, the company had announced in March that it surpassed the 30 million user mark worldwide.
In fact, its chief competitor Ronin was also part of a crypto hack recently. The wallet attached to the popular NFT game Axie Infinity
suffered a $625 million hack last month. That hack, however, was much more complex than the MetaMask phishing scam explained above.
SEE ALSO:
How to hide a contact on WhatsApp
Extreme Poverty in India declined 12% in the last decade, says World Bank
Next Story
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
Vodafone Idea FPO allotment – How to check allotment, GMP and more
Indians can now get multiple entry Schengen visa with longer validity as EU eases norms
Investing Guide: Building an aggressive portfolio with Special Situation Funds
Markets climb in early trade on firm global trends; extend winning momentum to 3rd day running
Impact of AI on Art and Creativity
Reliance Industries quarterly profit stays flat; annual earnings hit record at ₹69,621 crore
