Renowned crypto wallet, Metamask, recently issued a warning to its users over using iCloud backups. The platform noted that iCloud users are prone to losing their crypto funds. This came after a crypto user raised the alarm over stolen assets worth about $650,000.
Metamask is one of the most widely used crypto wallets in the system. Many users believe the digital wallet is error-proof. But the platform issued a series of tweets warning its user base about possible phishing attacks through Apple’s iCloud service.
Metamask noted that if a user enables the iCloud backup option on the app, their Metamask vaults (encrypted passwords for their accounts) will be added to Apple’s cloud service. This would lead to a situation where a phishing account that jeopardizes a user’s iCloud account can also compromise their passwords.
As a result, a user’s cryptocurrency wallet might be exposed to theft and losses. Furthermore, by enabling automatic backup for app data, a person’s seed phrase is uploaded to the cloud. A seed phrase is a password via which a person can access their account. In addition, a user ought to safeguard their seed phrase by all means. Risking this digital code has severe effects.
The first Twitter thread read, “If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough and someone phishes your iCloud credentials, this can mean stolen funds. ”
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
Apple Users Need Stronger Passwords
MetaMask recently branched out into Apple’s community after allowing users to purchase digital assets using Apple Pay. As a result, the platform’s users became eligible to buy cryptocurrencies using debit or credit cards. This removed the need to send ETH to the app ahead of time.
But in the face of a possible security breach, Metamask is requesting that Apple users set up a stronger password to prevent scammers from pouncing on their funds. Sadly, fraud in the crypto space is no longer a piece of strange news. Scammers have invaded the crypto space. As a result, different platforms are setting up measures to combat this menace. Unfortunately, some scammers go to great lengths to carry out their deeds. These measures now include impersonating a globally recognized platform like Apple.
Disabling iCloud Backups
A tweet by the user, “revive_dom,” whose funds were stolen, read, “Got a phone call from Apple, literally from Apple (on my caller ID). Called it back because I suspected fraud, and it was an Apple number. So I believed them. They asked for a code that was sent to my phone, and 2 seconds later, my entire MetaMask was wiped. ”
This is how it happened, Got a phone call from apple, literally from apple (on my caller Id) Called it back because I suspected fraud and it was an apple number. So I believed them
They asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wiped
— Domenic Iacovone (@revive_dom) April 14, 2022
A crypto scam analyst believes the supposed call from Apple was actually from a spoofed caller ID. Also, the analyst further added that the hackers gained access to the user’s MetaMask iCloud backup and the seed phrase. Possessing the Apple ID information and the 2-factor authentication code was enough to help the crooks carry out the act.
Metamask went on to urge its users to disable iCloud backups. It wrote, “You can disable iCloud backups for MetaMask specifically by turning off the toggle here:
Settings > Profile > iCloud > Manage Storage > Backups.”
It further added, “If you want to avoid iCloud surprising you with unrequested backups in the future, you can turn off this feature at Settings > Apple ID/iCloud > iCloud > iCloud Backup.”
You can disable iCloud backups for MetaMask specifically by turning off the toggle here:
Settings > Profile > iCloud > Manage Storage > Backups.
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
Protecting Your Crypto Assets
Ignoring MetaMask’s warning would not be a smart move for any user. The platform owns one of the largest user bases. Additionally, crypto users need more security information with the rise of digital crimes. In a recent tweet, Taylor Monahan, founder, and CEO of MyCrypto listed several other ways a user can lose their assets.
Furthermore, Taylor noted that dropping recovery seed phrases on emails, chatboxes, and websites and clicking on fraudulent sites could be detrimental steps to take. In addition, there is a huge need to keep account details private. This includes not sharing screens with sensitive information.
9. If you use your secret recovery phrase or private key in your config files to dev something up and then commit your project to github, you will get rekt.
10. If you set your token allowance to infinity and beyond, you will (eventually) get rekt to infinity and beyond.
— Taylor Monahan 🦊💙 (@tayvano_) April 17, 2022
Famous NFT analyst, Serpent, shared several steps a user can take to protect their assets. He listed the following in a tweet:
- Always use a cold wallet to store your valuables.
- Never give out verification codes to anyone.
- Protect your information, don’t give out your phone number or your personal email.
- Caller information is easy to spoof. Companies like Apple will never call you.
Some crypto users were thrilled to learn of this possible security risk to their assets. However, some other users blamed Metamask for what had happened by enabling such a feature. Twitter user “revive_dom” later expressed his disappointment at Metamask’s supposedly late announcement. He believes an early notice could have been a lifesaver.
Finally, the bulk of the responsibility now resides with crypto users to get the education they need to keep their funds safe.
Moreover, find the most undervalued gems, up-to-date research, and NFT buys with Altcoin Buzz Access. Plans start at only $99 per month.
For more information on cryptocurrency, visit the Altcoin Buzz YouTube channel.