TL;DR
If you have MetaMask on an iPhone or Mac, then you're likely also using iCloud backup. MetaMask backs up your vault containing your seed by default, so turn that off from Settings > Profile > iCloud > Manage Storage!
Summary
I have been following this developing story on Twitter about a user who lost $650K yesterday due to the following phishing method, with others coming forward claiming that the same has also happened to them.
Background
When you create a wallet using MetaMask on an iPhone, the app creates a JSON file containing your wallet, which is stored on your device. Most users use iCloud to automatically back up their phone and app data, but unbeknown to many users, MetaMask includes this file as part of the backup. From a Google search, this isn't new: it was discovered in 2019, but MetaMask have today acknowledged (addressed) it HERE after a number of users were targeted, resulting in lost funds.
Phishing Method
For the user that lost $650K, it appears to be a very sophisticated attack. They fell victim as follows…
The attacker requested several password resets against the victim's Apple ID/iCloud account, generating several emails to the victim. From there, they used a spoofed caller ID to call the victim, claiming that they were from Apple and calling about suspicious activity on the account. They asked the victim to generate their MFA one-time pass to confirm that they were the account owner. The attacker used this to reset the password and take control of the Apple account. From there, they were able to restore from a backup and drain the wallet of all funds.
More reading / source
submitted by /u/_s79