MetaMask, a popular digital currency wallet, warned users about a potential security flaw in Apple’s cloud storage service. The warnings came after several reports of funds being stolen on Twitter occurred just a few days ago.
This turns out to be a security flaw that could threaten one’s digital assets that Apple thought could help MetaMask users save passwords. The ConsenSys-backed digital currency wallet posted to Twitter that “iCloud backup for app data” will also store the credentials of the “password-protected MetaMask vault.”
If your [iCloud] password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.
MetaMask tweeted on Sunday
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
Users were also given tips on how to protect themselves from the threat in the warning. For users to disable iCloud backups, getting to settings and changing the settings under the backups menu is the easiest way to do so.
Additionally, the providers of digital currency wallets advised users to uncheck the automatic backup feature in a similar Twitter thread when “revive_dom” reported a loss of 6 non-fungible tokens (NFT), including three Mutant Ape Yacht Club collectibles, and more than $250,000 worth of ApeCoin (APE).
Apparently the scam was a phishing attack, as Serpent describes it. To start off with, fraudsters made several password reset requests on behalf of their victim “to make them suspicious.” With some assistance from “caller ID spoofers” they announced themselves to be Apple customer service while asking for the two-factor authentication (2FA) code.
The phishers were able to access the victim’s iCloud account, which contained the MetaMask wallet password, after obtaining the 2FA verification code. While digital currencies have surged in popularity in recent months, scams and thefts have increased nonetheless. More than $14 billion worth of virtual currencies was stolen by hackers in 2021 alone. CNBC recently reported that digital theft rose by 516% last year as compared to the previous year. Moreover, hacking this year hasn’t done so well either, as hackers have already stolen more than a billion dollars from banks as well as other institutions.
