Metamask warned that if an Apple user has enabled automatic iCloud backups of their MetaMask wallet data, their seed phrase is being stored online.
ConsenSys-owned crypto wallet provider MetaMask has sent out a warning to the Apple community regarding Apple iCloud phishing attacks.
The security issue for iPhone, Mac, and iPad users is related to default device settings which see a user’s seed phrase or “password-encrypted MetaMask vault” stored on the iCloud if the user has chosen automatic backups for their application data.
Metamask Warning for Apple Users
In a Twitter thread posted on Monday, MetaMask notifies that users run the risk of losing their funds if their Apple password “isn’t strong enough” and an attacker is able to phish their account credentials easily.
To fix the issue, users can disable automatic iCloud backups for MetaMask,
Phishing Attack Victim
The warning from MetaMask came in as a response to reports from an NFT collector Domenic Iacovone Tweet on Twitter, who stated on Friday that their entire wallet contained $650,000 worth of digital assets and NFTs was wiped because of this specific security issue.
3 days ago, DAPE NFT project founder “Serpent” — also helped gain the attention of MetaMask via posting sharing the story with their 277,000 followers and also gave an assessment of what happened to the victim.
They noted that the victim received multiple text messages asking to reset his Apple ID password along with a supposed call from Apple which turned out to be a spoofed caller ID.
“Domenic Iacovone” handed over a six-digit verification code to prove that he was the owner of the Apple account. The scammers subsequently hung up and accessed his MetaMask account via data stored on iCloud.
After MetaMask’s warning post, Domenic Iacovone expressed his frustrations with the company, he said:
“I’m not saying they shouldn’t do it, but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90% of the people knew this I would bet none of them would have the app or iCloud on.”
While most of the community response was supportive, others were quick to highlight the importance of using cold storage and doing a lot of due diligence when storing assets in a hot wallet.
Hungry for more information?
For more interesting updates on NFTs, connect with NFTHI on Twitter.
NFTHI does not recommend any kind of Investment in NFTs or NFT trading. All the strategies are merely educational references.
Conduct thorough research before you start with NFT trading.