MetaMask has warned Apple users that a default feature of their devices may expose them to a phishing attack.
The problem is that iPhone, Mac and iPad devices have automatic data backup to iCloud turned on by default. Thus, if a user has a MetaMask wallet connected, the seed phrase that grants access to the wallet can easily end up online.
In a Twitter post published on April 18, MetaMask noted that users risk losing their funds if their Apple password is “not strong enough” and an attacker manages to forge their credentials.
To fix this problem, MetaMask representatives recommend that users disable the automatic data backup feature:
“Unless you have disabled iCloud backup of app data, it will include your password-encrypted MetaMask storage. If your password is not strong enough and someone spoofs your iCloud credentials, it could mean theft of funds.”
This message from MetaMask came right after one of its users complained on Twitter that, due to a similar issue, his wallet containing $650,000 worth of digital assets and NFTs was wiped out.
The founder of the DAPE NFT “Serpent” project described in more detail what happened to the victim. He noted that the victim received several text messages asking him to reset his Apple ID password, as well as a call purporting to be from Apple that turned out to come from a faked caller ID. The unsuspecting user handed over a six-digit code to prove he was the owner of the Apple account. The scammers then gained access to his MetaMask account through data stored in iCloud.
Representatives of this project stated on their Twitter:
“Main conclusions:
- ALWAYS use a cold wallet to store assets;
- Never give verification codes to anyone;
- Protect your information, do not give out your phone number or personal email;
- Caller information is easy to fake. Companies like Apple will never call you.”
In turn, the victim of the fraudulent attack expressed his dissatisfaction with MetaMask:
“I’m not saying they shouldn’t do it. But they have to tell us. No need to tell us never to digitally store our seed phrases and then do it behind our backs. If 90% of people knew this, I would bet none of them would have turned on the app or iCloud.”
While many supported his idea, others emphasized the importance of using a cold wallet and doing due diligence when storing assets in a hot wallet.