Yesterday, MetaMask warned its users that their iCloud accounts could be used to phish them. Many people use MetaMask. It is thought to be one of the most secure online wallets. However, when the company issues a warning like this, people should pay attention to what they say.
It came to light yesterday when MetaMask told people that the vaults that held encrypted passwords were sent to the Apple cloud. This happened if the user had the iCloud backup option turned on. If someone tries to get into iCloud accounts through a phishing attack, a person’s passwords can be stolen. Unfortunately, this includes the passwords for their crypto wallets, too. Accordingly, MetaMask sent out this tweet to warn people about a possible hack.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
How Does The Scam Work?
The tweet was made in response to the news of a Twitter user called Domenic Iacovone. He announced that his entire MetaMask wallet had been totally wiped out. Additionally, he had non-fungible tokens (NFTs) from the Mutant Ape Yacht Club project in his MetaMask wallet, as well as NFTs from other projects. Moreover, he had about $100,000 worth of APE.
Regarding the issue, he explained how the scam happened. The caller ID on his phone said Apple. He called back because he thought it was a scam. However, the number was an Apple one. That is why he believed them. After answering the phone, they asked him for a code that was sent to his phone. Then, in two seconds, his entire belongings in that wallet were stolen.
Furthermore, there was an article on Business Insider India that talked about a Twitter user called Serpent. This person had information about the hack. He said that $650,000 worth of NFTs and cryptocurrencies had been taken from the wallet.
After what happened, he went on Twitter and explained everything. He says that MetaMask actually stores your seed phrase file on your iCloud. So, the scammers asked for the victim’s Apple ID password to be changed. They were able to take over the Apple ID and access iCloud only after they got the 2FA code. This gave them access to the victim’s MetaMask.