MetaMask Issues Warnings to iCloud Users After $650K Phishing Attack


MetaMask has issued a warning to users of iPhone, Mac, and iPad devices of a phishing attack strategy after a user reported losing $650,000.

The threat particularly concerns devices that have automatic backups to iCloud, which is often a default setting.

Some users save their seed phrases on iCloud and run the risk of being compromised in the eventuality of an attacker discovering their password. 

“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” reads the warning from MetaMask.

The warning also came with tips on how users can protect themselves from the threat. The easiest method is for users to disable iCloud backups by navigating to settings and making the necessary changes on the backups menu. 

In order to avoid getting caught by surprise, MetaMask recommends that backups should be turned off. 

A Twitter user with the handle “revive_dom” announced that his entire holdings had been stolen, including expensive NFTs and other assets. His losses amounted to around $650,000 according to security expert “Serpent.” The hacker accessed his seed phrase from iCloud.

According to the chronicle of events, revive_dom received text messages asking him to change his Apple ID password. A follow-up call from a spoofed Apple caller ID requested a one-time verification code to prove his ownership of the account. He complied and the scammers used the code to reset his password.

“The scammer will have access to the victim’s iCloud account, giving them free access to everything including all the data MetaMask stores on iCloud,” wrote Serpent. 

He went on to advise the use of cold wallets and to never give out verification codes. “Caller information is easy to spoof. Companies like Apple will never call you.”


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Source link

You might also like
Leave A Reply

Your email address will not be published.