MetaMask, a cryptocurrency wallet provider owned by ConsenSys, has issued a warning to the public about phishing attacks targeting iCloud.
The security issue for iPhone, Mac, and iPad users stems from the default device settings. If the user allows automatic backup of their application data, the user's seed phrase, or "password-encrypted MetaMask vault," is stored on iCloud.
(*Seed phrase: a series of words created by a cryptocurrency wallet, giving you access to the crypto assets contained in the wallet.)
In a Twitter post on Monday, MetaMask noted that users risk losing money if their Apple passwords are "not strong enough," and that attackers can steal their credentials. To fix this problem, users can turn off automatic backup of MetaMask data on iCloud.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
The warning from MetaMask is a response to the case of an NFT collector named "revive_dom," who reported on Twitter that his wallet containing $650,000 in digital assets, along with his NFT, had been stolen because of this security issue.
In a Twitter post on April 19, user "Serpent," founder of the DAPE NFT project, explained what happened to the victim, helping to draw attention to MetaMask with its 277,000 followers.
They said that the victim received multiple messages asking for a password reset for his Apple ID and a call that appeared to be from Apple but actually came from a fake caller ID.
Not doubting the caller, "revive_dom" handed over a 6-digit verification code to prove that they owned this Apple account. The scammer then hung up and accessed their MetaMask account through the data stored on iCloud.
Key takeaways
– ALWAYS use a cold wallet to store your valuables
– Never give out verification codes to ANYONE
– Protect your information, don't give out your phone number or your personal email
– Caller information is easy to spoof. Companies like Apple will never call you
— Serpent (@Serpent) April 17, 2022
After MetaMask's warning, "revive_dom" expressed anger at the company: "I'm not saying they shouldn't do it but they should tell us. Don't tell us never to store seed phrases digitally but then do it behind our backs. If 90% of people had known about this before, I bet no one would have used this app or turned on iCloud."
While the community's response has been largely positive, many emphasize the importance of keeping digital wallets offline and investigating thoroughly before storing digital assets in hot wallets.