Software cryptocurrency wallet MetaMask has warned Apple users of potential phishing attacks on the iCloud.
MetaMask took to Twitter to warn Apple users, after an NFT collector going by the name of “revive_dom” said that his wallet with digital assets worth $650,000 was wiped out owing to a specific security issue on iCloud.
“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” warned MetaMask.
If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on ) 1/3— MetaMask (@MetaMask) April 17, 2022
MetaMask then provided instructions on how users can disable iCloud backups, by going to Settings > Profile > iCloud > Manage Storage > Backups and then disabling.
Additionally, users can also disable unrequested backup requests from Apple by going to settings> Apple ID/iCloud > iCloud > iCloud Backup.
“Hey y’all, let’s see how amazing this community can be. My entire wallet was just stolen. Totally wiped out. Also stole 100k in ape coin. Looking for all the help I can get,” Domenic Lacovone wrote on Twitter on April 15th.
Hey y’all, let’s see how amazing this community can be. My entire wallet was just stolen. Totally wiped out,— Domenic Iacovone (@revive_dom) April 14, 2022
MAYC 28478, MAYC 8952, MAYC 7536
Gutter cat 2280 , 2769, 2325
Also stole 100k in ape coin.
Looking for all the help I can get.
100kreward @BoredApeYC @GutterCatGang
Another Twitter user and NFT collector “Serpent” said that the victim had received text messages after a fake Apple representative called to reset his Apple ID password.
Revive_dom then allegedly provided a six-digit verification code to the hacker, post which Lacovone’s account was compromised with data from iCloud.
Here is the full thread on how the hack took place-
NEW PHISHING SCAM— Serpent (@Serpent) April 17, 2022
Already $650,000 stolen from a single individual and it's going to happen to a lot more people.
This is how it happened
According to Serpent, the key methods by which users can stay safe is by using a cold wallet to store valuables, never giving out verification codes, and not giving out phone number or personal email IDs as they make it easier to spoof.