“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.”
This was a message that one of the world notable crypto wallets, MetaMask, tweeted to its esteemed users yesterday. It was a warning tweet telling Apple users of the vulnerability of their data when iCloud backs it up automatically.
The MetaMask tweet means that the users of Apple devices whose iCloud automatically backs up could become vulnerable to attack. This is because the setting stores their wallet account credentials online and exposes them to attack.
MetaMask also added in the Twitter thread that users with weak Apple passwords could be vulnerable. It said they could lose all their funds to phishing if their accounts credentials get to an attacker’s hand. However, the best way to fix this is to disable the setting.
A case triggers MetaMask warning
It is obvious that MetaMask issued this warning in response to a recent case where a user lost all his funds. In that attack, investigation revealed he lost due to iCloud-related issue.
Per Serpent’s rundown of this attack, the affected user, Revive_dom, identified as an NFT collector, received unsolicited messages from the scammer. These scammer’s messages required him to change his ID password (Apple).
Following this, he received a fake call from the scammer pretending to be from Apple and handed his verification code to them. This gave the unknown scammer access to over $600k worth of assets in his MetaMask wallet leveraging the user’s iCloud data.
In order to circumvent the recurrence of such cases, Serpent listed some precautions. He suggested the use of an alternative better known as cold wallet. Apart from that, he urged users to avoid releasing their personal information to unknown people.
While this MetaMask tweet warning would save so many from becoming victims of similar attacks, “Revive_dom” is displeased.
He noted that if the majority are aware of the danger associated with iCloud, a few will use the app or enable iCloud automatic backups.
It is worth adding that crypto has continued to evolve. The same thing happens to its players. This MetaMask attacks shows attackers have also continued to grow and are ready to leverage any opportunity to steal funds. However, in order not to be a victim, users should be very careful with their account information.