If you use the MetaMask cryptocurrency wallet on an iPhone, then be careful: your private keys are at risk. According to MetaMask itself, hackers are using the iCloud system to scam users. iCloud is Apple’s built-in cloud storage system, which saves a lot of customer data. However, iCloud can store MetaMask’s private keys as well, allowing hackers to steal them.
Expansion of services opened gaps
Two weeks ago, as reported by CriptoFácil, MetaMask released the purchase of cryptocurrencies via credit card for iPhone owners. These operations can be performed by Apple Pay, a service that scans credit cards. In this way, MetaMask has created a practicality so that no one needs to send Ether (ETH) if they want to buy an NFT, for example. But this facility has attracted several scammers who aim to steal funds from wallets. In addition to card data, wallet passwords are in danger. In the case of MetaMask, it is the 12 words that guarantee the security of the device. According to the tweet, iCloud backup features can make the key stored directly in the service. So, if someone gets access to your Apple account and hacks iCloud, that key could be stolen. This in fact happened to a Twitter user, titled “Revive_dom”, who had his entire wallet emptied by hackers. He lost US$650,000 in total, or about R$3 million, between cryptocurrencies and NFTs.
“I got a call from Apple, literally from Apple (on my caller ID). I called back because I suspected fraud and it was an Apple number. So I believed them. They asked for a code which was sent to my phone, and two seconds later my entire wallet was empty,” she reported.
Shortly thereafter, MetaMask explained the case in twitter. The company said that if app data backup is active, wallet keys will also be backed up. If the account does not have a strong enough password, the funds are at risk of being stolen.
To prevent further cases, the wallet has given some safety suggestions. Firstly, user must disable data backup in MetaMask – through iPhone settings. Then, change your Apple password to a stronger one to reduce the risk of an eventual hack. It is not the first time that hackers have used attacks against MetaMask to steal funds and NFTs from its users. Scams involving airdrops, fake NFTs and even MetaMask tokens are common in this market. So, avoid leaving your private keys on your computer and don’t click on any links that look suspicious.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3 — MetaMask 🦊💙 (@MetaMask) April 17, 2022
Read also: UST surpasses Binance and becomes third largest stablecoin in the market Read also: BNDES and TCU sign agreement to launch Rede Blockchain Brasil (RBB) AVAX); check out