MetaMask, the Web 3.0 platform behind the eponymous, ultra-popular crypto wallet with more than 21 million monthly active users, announced an iCloud vulnerability that pricked the ears of digital-asset holders with Apple devices.
Apple-owning MetaMask users who have iCloud backup enabled are jeopardizing their cryptocurrencies and/or NFTs. Why? When iCloud stores your information on Apple's remote servers, it includes your password-encrypted MetaMask vault. If you have a weak password, or you fall victim to a phishing attack, hackers can take advantage and skip away with stolen funds.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3April 17, 2022
Iacovone received a call on his iPhone "that read as an Apple number on his caller ID," AppleInsider said. When he called the number back, the scammer asked for a two-factor authentication code that was sent to his device. He obliged. Seconds later, his entire MetaMask wallet was wiped.
This is how it happened, Got a phone call from apple, literally from apple (on my caller Id) Called it back because I suspected fraud and it was an apple number. So I believed themThey asked for a code that was sent to my phone and 2 seconds later my entire MetaMask was wipedApril 14, 2022
As it turned out, the scammer managed to snag Iacovone's iCloud credentials. Apple's two-factor authentication code was the final layer of security protection that could have prevented Iacovone from losing all of his digital valuables, but unfortunately, he fell for the hacker's bait hook, line and sinker.
The malicious actor tried to sell the swiped NFTs on OpenSea, a popular marketplace for non-fungible tokens, but OpenSea flagged the stolen digital collectibles as suspicious. When this happens, the NFTs are locked; they cannot be sought, sold nor transferred using OpenSea.
Unfortunately, as of this writing, Iacovone is seemingly still trying to recover his assets.
How to stop iCloud from backing up your Metamask data
Apple users can disable iCloud backups for Metamask by navigating to Settings > Profile > iCloud > Manage Storage > Backups.
Another way to secure your Metamask is to use a crypto hardware wallet like the Ledger Nano X and Ledger Nano S Plus. Hackers can't do anything with your assets because they'd need to physically have your hardware wallet, along with your pin code, to manage your crypto and/or NFTs.
Stay in the know with Laptop Mag
Get our in-depth reviews, helpful tips, great deals, and the biggest news stories delivered to your inbox.
Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!