ConsenSys company that developed the cryptocurrency wallet, MetaMask has warned users of Apple devices, especially iPhones, Macs, and iPads with iCloud phishing attacks.
Warning for users who have enabled automatic support (backup) for MetaMask application data because the setting allows the device to track seed phrases.
MetaMask took the matter seriously via an official tweet on its Twitter page today:
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
- MetaMask 🦊💙 (@MetaMask) April 17, 2022
The app prompts Apple device users to automatically disable iCloud support for the MetaMask app.
Incidents of fund theft caused by hacked iCloud data can occur at any time if a user uses a weak password.
For the record, MetaMask was integrated with Apple Pay by the end of March.
What happen?
It is understood a collector of non-fungible tokens (NFT) known as ‘revive_dom’ on Twitter has informed his wallet-which owns a total of NFTs and crypto assets worth $ 650,000-has disappeared due to security issues.
The incident caught the attention of DAPE NFT project founder, Serpent who in turn tried to impress MetaMask through the course of the incident in a thread of Twitter tweets.
The victim allegedly received several messages asking for him to reset his Apple ID password along with a call from Apple.
Without suspecting anything, ‘revive_dom’ handed over a six-digit verification code proving he was the owner of the account, without realizing that apparently the call was fake, not from Apple.
In the blink of an eye his MetaMask account was accessed because there was related data stored in iCloud.
So, be careful with ‘automatic backup’ in iCloud. It seems easy, but if it's hit, then you want to get upset.
At the same time, crypto investors should not be too naive, should they? Any message or call from any so-called legitimate entity requesting your personal data involves a password, seedphrase, or bank account number, don’t be quick to panic but just ignore it.
If you are not comfortable sitting down, try to contact the official yourself or do an internet search for any notifications for reference and assistance.