MetaMask warns Apple users over iCloud phishing attacks

ConsenSys-owned crypto wallet supplier MetaMask has sent retired a informing to the assemblage regarding Apple iCloud phishing attacks.

The information contented for iPhone, Mac, and iPad users is related to default instrumentality settings which spot a user’s effect operation oregon “password-encrypted MetaMask vault” stored connected the iCloud if the idiosyncratic has enabled automatic backups for their app data.

In a Twitter thread posted connected April 18, MetaMask noted that users tally the hazard of losing their funds if their Apple password “isn’t beardown enough” and an attacker is capable to phish their relationship credentials.

To hole the issue, users tin disable automatic iCloud backups for MetaMask arsenic detailed:

If you person enabled iCloud backup for app data, this volition see your password-encrypted MetaMask vault. If your password isn’t beardown enough, and idiosyncratic phishes your iCloud credentials, this tin mean stolen funds. (Read connected ) 1/3

— MetaMask (@MetaMask) April 17, 2022

The informing from MetaMask came successful effect to reports from an NFT collector who goes by “revive_dom” connected Twitter, who stated connected April 15 that their full wallet containing $650,000 worthy of integer assets and NFTs was wiped via this circumstantial information issue.

In a abstracted thread earlier today, DAPE NFT task laminitis “Serpent” – who besides helped summation the attraction of MetaMask via posting sharing the communicative with their 277,000 followers — gave a rundown of what happened to the victim.

They noted that the unfortunate received aggregate substance messages asking to reset his Apple ID password on with a expected telephone from Apple which was yet a spoofed caller ID.

As they were reportedly unsuspecting of the caller, “revive_dom” handed implicit a six-digit verification codification to beryllium that they were the proprietor of the Apple account. The scammers subsequently hung up and accessed his MetaMask relationship via information stored connected iCloud.

Key takeaways
- ALWAYS usage a acold wallet to store your valuables
- Never springiness retired verification codes to ANYONE
- Protect your information, don't springiness retired your telephone fig oregon your idiosyncratic email
- Caller accusation is casual to spoof. Companies similar Apple volition ne'er telephone you

— Serpent (@Serpent) April 17, 2022

Related: MetaMask expands organization offering by integrating caller crypto custodians

After MetaMask posted the informing today, “revive_dom” expressed his frustrations with the company, noting that:

“I’m not saying they shouldn’t bash it but they should archer us. Don’t archer america to ne'er store our effect operation digitally and past bash it down our backs. If 90% of the radical knew this I would stake nary of them would person the app oregon iCloud on.”

While astir of the assemblage effect was supportive, others were speedy to stress the value of utilizing acold retention and doing a batch of owed diligence erstwhile storing assets successful a blistery wallet.