The MetaMask wallet has one of the largest user bases in the sector and it is considered one of the most secure online wallets, so when the company puts out such a warning it should certainly be heeded.
The issue was publicised by MetaMask yesterday and the company warned that the MetaMask vaults that held the user’s encrypted passwords were uploaded to the Apple cloud if the user had the iCloud backup option enabled on the app.
Therefore, if a phishing attack on a user’s iCloud account was successful, all their passwords could be compromised, including those of their crypto wallets.
MetaMask published the following tweet to warn of the potential hack:
The tweet was prompted after a Twitter user called Domenic Iacovone tweeted that his entire MetaMask wallet holdings had been “totally wiped out”. He said that his MetaMask wallet had contained NFTs from the Mutant Ape Yacht Club project, and also other NFTs. In addition he was holding around $100k in Ape coin.
He wrote:
“This is how it happened. Got a phone call from Apple, literally from Apple (on my caller Id) Called it back because I suspected fraud and it was an Apple number. So I believed them. They asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wiped,”
An article on Business Insider India quoted a Twitter user called “Serpent” who had knowledge of the hack. He said that a total of $650,000 in NFTs and cryptocurrencies had been stolen from the wallet. He explained the attack in a Twitter thread, saying:
“MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim’s MetaMask.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.