Apple Inc (NASDAQ: NASDAQ:AAPL) users who have enabled an iCloud backup for app data could be at the risk of losing cryptocurrency stored in their MetaMask wallet.
What Happened: In a Twitter (NYSE:TWTR) update on Sunday, MetaMask warned users that they may be susceptible to phishing attacks if their Apple ID password “isn’t strong enough.”
You can disable iCloud backups for MetaMask specifically by turning off the toggle here:See Also: What is MetaMask Wallet?Settings > Profile > iCloud > Manage Storage > Backups.
— MetaMask (@MetaMask) April 17, 2022
MetaMask’s announcement comes after a user by the name of Domenic Iacovone reported as much as $650,000 stolen from his MetaMask wallet as a result of a phishing scam.
This is how it happened, Got a phone call from apple, literally from apple (on my caller Id) Called it back because I suspected fraud and it was an apple number. So I believed themAccording to a run-down of the events by DAPE NFT Founder “Serpent”, the scammers were able to access Iacovone’s MetaMask wallet because his seed phrase had been automatically saved on his iCloud storage without his knowledge.They asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wiped
— Domenic Iacovone (@revive_dom) April 14, 2022
3/ MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim's Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim's MetaMask.The scammers used a spoofed caller ID marked as Apple to convince the user a share a code sent to his device, claiming suspicious activity linked to his account.— Serpent (@Serpent) April 17, 2022
After he shared the code, the scammers used it to reset his Apple password and enter his iCloud account, where they were able to access all data stored, including the one stored by MetaMask.
The scammers stole 132.86 Ethereum (CRYPTO: ETH) worth $402,988 and $252,400 in Tether (CRYPTO: USDT).
© 2022 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.