What this means is that a user’s iCloud account could be compromised. This is dangerous because if your iCloud credentials and access is compromised, it means that all passwords on your account, including linked cryptocurrency wallets would be available to hackers.
What must you do in this situation? As Metamask put it, simply disable iCloud backups for your cryptocurrency wallets. Metamask has also prepared a guide for you to follow in case you don’t know how it’s done, Decrypt reported.
You can disable iCloud backups for MetaMask specifically by turning off the toggle here:
Settings > Profile > iCloud > Manage Storage > Backups.
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
How was this vulnerability reported?
A Twitter user under the alias “Domenic Iacovone” shared details about how their funds stored in the Metamask wallet were “totally wiped out” by hackers.
“Got a phone call from Apple, literally from Apple (on my caller ID). Called it back because I suspected fraud and it was an Apple number. So I believed them. They asked for a code that was sent to my phone, and 2 seconds later, my entire MetaMask was wiped,” Domenic Iacovone wrote on April 15.
Domenic Iacovone lost a lot of digital assets to the phishing attack – including non-fungible tokens (NFTs) from Mutant Ape Yacht Club (MAYC) collection. Decrypt reported that their account also had $100,000 in ApeCoin and other NFTs. To recover their assets, Iacovone has set up a $100,000 reward.
This is how it happened, Got a phone call from apple, literally from apple (on my caller Id) Called it back because I suspected fraud and it was an apple number. So I believed them
They asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wiped
— Domenic Iacovone (@revive_dom) April 14, 2022
In a different thread, Dape NFT’s founder “Serpent” explained how the hack was initiated. According to him, “MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim’s MetaMask.”
3/ MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim’s MetaMask.
— Serpent (@Serpent) April 17, 2022
Metamask currently has 30 million monthly active users who are now vulnerable if they don’t turn off backups manually. If you use Metamask or similar services to back up details about your crypto wallets on iCloud, we suggest you temporarily disable them.
What do you think about this new phishing exercise in town for iCloud crypto users? Let us know in the comments below. For more in the world of technology and science, keep reading Indiatimes.com.