Apple Users Warned By MetaMask Over Potential Phishing Attacks Via iCloud

Apple users are being warned by cryptocurrency wallet MetaMask over some security vulnerabilities involving iCloud backups.

In a report by CoinTelegraph, the warning is said to be against potential phishing attacks for all iPhone, iPad, and Mac users. It involves certain default device settings which store MetaMask users’ seed phrase onto iCloud, whenever anyone enables automatic backups for app data. The seed phrase is also called a “password-encrypted MetaMask vault.”

In other words, if you turn on automatic iCloud backups of your MetaMask wallet data, your seed phrase is being stored online where it is vulnerable to hackers. These attackers can then steal your funds from under your nose.

MetaMask posted the warning to their Apple users on their Twitter account recently:


If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on) 1/3

— MetaMask (@MetaMask) April 17, 2022

According to MetaMask, a vault stored in an Apple user’s iCloud backup can lead to “stolen funds” if that user’s iCloud credentials are phished, which is why they explained how to disable iCloud backups so that a phished iCloud account does not expose the vault. If you’re a MetaMask user, here’s what you need to do:

  • Go to Settings > Profile > iCloud > Manage Storage > Backups, then turn off the toggle.
  • To ensure that iCloud will not “surprise” you with backups you didn’t allow, go to Settings > Apple ID/iCloud > iCloud Backup and turn it off.

MetaMask has also warned that something bad has already happened to a user of theirs as a result of a phishing attack. They mentioned a Twitter user called revive_dom who had their entire wallet containing $650k worth of crypto and NFTs wiped clean.

How Did The Phishing Attack Go?

The MetaMask user, who posted that he’s giving a 100k reward to anyone who gets (or helps get) his digital assets back, also tweeted how everything went down.


Hey y’all, let’s see how amazing this community can be. My entire wallet was just stolen. Totally wiped out,

MAYC 28478, MAYC 8952, MAYC 7536

Gutter cat 2280 , 2769, 2325
Also stole 100k in ape coin.
Looking for all the help I can get.

100kreward @BoredApeYC @GutterCatGang

— Domenic Iacovone (@revive_dom) April 14, 2022

According to him, he got a phone call that showed up as Apple on his caller ID and looked quite legitimate. Suspecting a scam, he called the aforementioned Apple number back and somebody answered, asking for a code that was sent to his phone. It is assumed that he told them the code, and his entire MetaMask was wiped “2 seconds later.” It is safe to assume that the caller who answered sounded real enough, which fooled the user in spades.

This does reek of a phishing attack, which is something that can happen beyond just emails with scam links. It is very likely that the malicious code sent to his phone in the guise of something like an OTP (one-time password) was the one that led to his assets being stolen. That is one of the hallmarks of phishing: tricking you into doing something you never intended.

In total, the user lost 132.86 ETH from his wallet (over $400k at the time of the theft) and 252,400 USDT for a total loss of $655,388.

In the aftermath of the theft and the discovery of the security flaw, many MetaMask users have emphasized the importance of using cold storage for all your digital assets. Aside from that, they also preached that people be extra careful when storing what they own inside a hot wallet.
