Hackers steal $655K after picking MetaMask seed from iCloud backup - BleepingComputer

2022-04-18 15:49 (EST) - Bill Toulas

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple's iCloud if app data backup is active.

MetaMask is a “hot” cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets.

In cryptocurrency lingo, a seed is a secret recovery phrase consisting of 12 words that protects access to the wallet's content.

Storing the wallet seed in iCloud practically means that if an owner has their Apple account compromised, their digital assets are also at risk.

If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on) 1/3

— MetaMask (@MetaMask) April 17, 2022

REAL PHISHING CASE

Unfortunately, the scenario above has already been used against at least one MetaMask user, who lost over $655k as a result of a well-crafted phishing attack.

1/ On April 15th, @revive_dom received multiple text messages asking to reset his Apple ID password and at 6:32 PM he received a call from "Apple Inc." which was a spoofed caller ID.

They claimed that there was suspicious activity on his Apple ID and they asked for a one-time pic.twitter.com/fc8lSntgyP

— Serpent (@Serpent) April 17, 2022

The target received multiple text messages asking to reset his Apple account, and the attacker then followed up with a call from a spoofed Apple Inc. number, pretending to be the firm’s support agents investigating suspicious activity on his account.

The victim followed the instructions and provided the fake support agents the six-digit verification code received from Apple. Soon, his MetaMask wallet was emptied.

The hackers had already requested one final Apple account password reset and all they needed was the additional verification to access the victim's iCloud data where the MetaMask seed was backed up. This allowed them to steal $655,388 worth of crypto.

WHAT TO DO

To keep your digital assets safe from such tricky attacks, make sure to exclude MetaMask from iCloud backups via Settings > Profile > iCloud > Manage Storage > Backups.

The two-factor authentication code is a temporary secret that should not be shared with anyone, regardless of how convincing a call, email, or SMS may appear. Official representatives would never ask for it.

Additionally, cryptocurrency users who are not actively trading their assets can keep them safer in a cold wallet instead of the MetaMask hot wallet.

Finally, keeping your investments out of social media and other public channels makes you less of a target, as hackers are keeping an eye out for fresh, high-value victims.
