MetaMask, a crypto wallet company owned by ConsenSys, has issued a warning to the public about Apple iCloud phishing assaults.
The vulnerability affects iPhone, Mac, and iPad users since default device settings save a user’s seed phrase or “password-encrypted MetaMask vault” on the iCloud if the user has allowed automatic backups for their app data.
Users risk losing their assets if their Apple password “isn’t strong enough” and an attacker is able to phish their account credentials, according to a Twitter thread posted on April 18.
To ensure the safety of the wallet, MetaMask released a tweet detailing the instructions:
Warnings from a MetaMask user who fell, victim
The MM warning came in response to allegations from an NFT collector known on Twitter as “revive dom,” who reported on April 15 that this precise security problem deleted his whole wallet, which included $650,000 worth of digital currencies and NFTs.
DAPE NFT project founder “Serpent” – who also helped capture the attention of MetaMask by sharing the news with their 277,000 followers – presented a synopsis of what occurred to the victim in a different thread earlier today.
The victim got repeated text messages urging him to change his Apple ID password, as well as a phony call from Apple that was ultimately a faked caller ID, according to him.
“revive dom” gave over a six-digit verification number to establish that he was the owner of the Apple account, despite the fact that he was apparently unaware of the caller. The fraudsters then hung up and used data from his iCloud account to get access to his MetaMask account.
“revive dom” expressed his displeasure with MetaMask after the warning was issued today, saying that:
“I’m not saying they shouldn’t do it; I’m just saying they should inform us about it.” Don’t tell us we should never keep our seed phrase online, then go ahead and do it behind our backs. If 90% of people were aware of this, I’m willing to bet that none of them would have the app or iCloud turned on.”