Crypto holders with Apple devices beware — this iCloud flaw jeopardizes your MetaMask assets


MetaMask, the Web 3.0 platform behind the eponymous, ultra-popular crypto wallet with more than 21 million monthly active users, announced an iCloud vulnerability that pricked the ears of digital-asset holders with Apple devices.

Apple-owning MetaMask users who have iCloud backup enabled are jeopardizing their cryptocurrencies and/or NFTs. Why? When iCloud stores your information on Apple's remote servers, it includes your password-encrypted MetaMask vault. If you have a weak password, or you fall victim to a phishing attack, hackers can take advantage and skip away with stolen funds.

AppleInsider pointed out a real-life incident in which a MetaMask user, Domenic Iacovone, lost several NFTs and $100,000 in ApeCoin, an ERC-20 (i.e., Ethereum-based) token, due to a phishing attack.

Iacovone received a call on his iPhone "that read as an Apple number on his caller ID," AppleInsider said. When he called the number back, the scammer asked for a two-factor authentication code that was sent to his device. He obliged. Seconds later, his entire MetaMask wallet was wiped.

As it turned out, the scammer managed to snag Iacovone's iCloud credentials. Apple's two-factor authentication code was the final layer of security protection that could have prevented Iacovone from losing all of his digital valuables, but unfortunately, he fell for the hacker's bait hook, line and sinker.

The malicious actor tried to sell the swiped NFTs on OpenSea, a popular marketplace for non-fungible tokens, but OpenSea flagged the stolen digital collectibles as suspicious. When this happens, the NFTs are locked; they cannot be bought, sold or transferred using OpenSea.

Unfortunately, as of this writing, Iacovone is seemingly still trying to recover his assets.

How to stop iCloud from backing up your MetaMask data

Apple users can disable iCloud backups for MetaMask by navigating to Settings > Profile > iCloud > Manage Storage > Backups.

Another way to secure your MetaMask is to use a crypto hardware wallet like the Ledger Nano X and Ledger Nano S Plus. Hackers can't do anything with your assets because they'd need to physically have your hardware wallet, along with your PIN code, to manage your crypto and/or NFTs.

Kimberly Gedeon
