MetaMask Issues Warning About iCloud Phishing Scam Targeting Crypto Wallets

MetaMask Issues Warning About iCloud Phishing Scam Targeting Crypto Wallets

MetaMask a leading crypto wallet has issued a warning to its users about a potential phishing scam exploiting Apple’s iCloud service. On April 17 the company alerted its community via a tweet that enabling iCloud backup for app data could inadvertently expose their encrypted passwords known as MetaMask vaults to cybercriminals. If a user's iCloud account is compromised it could lead to the theft of their MetaMask credentials and subsequently their cryptocurrency holdings.

In the tweet MetaMask emphasized that users who have activated iCloud backup for their app data risk having their password-encrypted vaults uploaded to Apple’s cloud service. The message warned that if a user’s password is not robust enough any phishing attack targeting their iCloud credentials could result in stolen funds. Along with the warning MetaMask provided guidance on how to disable iCloud backups for their wallets to help protect user funds.

This alert was not issued in a vacuum; it followed a distressing incident involving a user named Domenic Iacovone. Iacovone reported on April 15 that his MetaMask wallet had been completely drained of its contents. His wallet held non-fungible tokens (NFTs) including those from the Mutant Ape Yacht Club (MAYC) project along with a substantial amount of Ape coin. In a tweet he recounted receiving a call from a number that appeared to be Apple’s. Trusting the call he ended up revealing a code that led to the loss of his entire wallet.

According to the founder of DAPE NFT named “Serpent” the total value of the assets in Iacovone’s wallet was approximately $650000. He elaborated on the breach explaining that MetaMask stores users' seed phrase files on iCloud. Scammers managed to request a password reset for Iacovone's Apple ID. After obtaining the two-factor authentication (2FA) code they gained control over his Apple ID and accessed iCloud which ultimately led to the compromise of the victim’s MetaMask wallet.

The warning from MetaMask carries significant weight given that the company is one of the largest crypto wallets in the world boasting over 30 million users. While MetaMask faces competition from other wallets such as Ronin the company’s user base makes it a prime target for phishing scams. For instance Ronin recently suffered a complex hacking incident that resulted in a loss of $625 million tied to the NFT game Axie Infinity demonstrating the ongoing vulnerabilities in the crypto space.

In light of these incidents users are urged to take the necessary precautions to secure their crypto wallets. MetaMask’s warning serves as a crucial reminder of the importance of robust password security and vigilance against phishing attempts particularly when sensitive information is involved.