The Coin Leaks News: MetaMask, a well-known Web3 wallet, has warned that automatic Apple iCloud backups could let hackers steal its customers' funds.
The wallet software maker advises users to disable these backups.
The team said in a Twitter post on Sunday that users' funds could be stolen if they have backups of MetaMask files enabled on Apple smartphones. Such a compromise could occur if someone gained access to the app's sensitive data uploaded to iCloud, specifically through phishing attacks.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” the MetaMask team wrote.
The announcement came only a few days after a MetaMask user identified as Domenic Iacovone claimed that he had lost numerous NFTs and other assets valued at around $655,000 when someone accessed his iCloud account.
What is believed to have occurred is that an intruder gained control of Iacovone’s iCloud account and took his wallet’s keystore, a JSON-format file containing an encrypted copy of the wallet’s private key, which is needed to sign transactions.
Apple’s mobile devices can upload app data automatically. During a backup, files containing private key information (which are intended to be used only locally on the device) can be transferred to Apple’s cloud servers, which criminals could access in a scenario such as a phishing scam.
According to Serpent, co-founder of the crypto-focused security firm Sentinel, the hacker posed as a representative of “Apple Inc” and sent texts to Iacovone asking him to change his Apple ID password. The hacker also called Iacovone on his cell phone using a fake caller ID.
1/ On April 15th, @revive_dom received multiple text messages asking to reset his Apple ID password and at 6:32 PM he received a call from "Apple Inc." which was a spoofed caller ID.
They claimed that there was suspicious activity on his Apple ID and they asked for a one-time pic.twitter.com/fc8lSntgyP
— Serpent (@Serpent) April 17, 2022
After obtaining the code, the hacker was able to change the password and later gained access to Iacovone’s private key file. This opened the way into his MetaMask wallet and gave the hacker the ability to transfer the affected assets.
Iacovone reported that several of his non-fungible tokens (NFTs) were taken in the incident, including three NFTs from the Mutant Ape Yacht Club (#28478, #8952, #7536) and three from Gutter Cat Gang (#2280, #2769 and #2325). In addition to the NFTs, Iacovone claimed that the hacker made off with APE tokens worth $100,000.
The incident indicates that neither MetaMask nor Apple is to blame. The problem stemmed from weak operational security on Iacovone’s part combined with a built-in feature of Apple devices, one that users can switch off. The MetaMask team has nevertheless suggested that users disable iCloud backups, and has posted instructions on how to do so.
You can disable iCloud backups for MetaMask specifically by turning off the toggle here:
Settings > Profile > iCloud > Manage Storage > Backups.
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
There has been a string of attacks targeting owners of valuable NFTs, either through email phishing or through the distribution of phishing links designed to gain access to crypto wallets such as MetaMask. Last month, The Block reported that 35 NFTs, including Bored Apes, were stolen through phishing attacks spread via malicious links on the social media platform Twitter.
MetaMask had not responded to a request for comment by press time.