As investments in cryptocurrency skyrocket, cases of crypto thefts are rising as well. Crypto wallet provider MetaMask has sent out a warning on Twitter, revealing how Apple iCloud backups could be used as a potential phishing tool. This comes after an Apple user claimed to have lost crypto assets worth $650,000 from his MetaMask crypto wallet.
The new scam involves certain default device settings in iPhones, iPads which store MetaMask users’ seed phrase onto iCloud, whenever anyone enables automatic backups for app data. Metamask is an online cryptocurrency wallet that enables users to store their crypto assets such as Bitcoin, Ethereum, Dogecoin, etc, as well as non-fungible-tokens (NFTs). In order to gain access to the wallet, you need a ‘seed phrase’—which is essentially your password.
A Twitter user by the name ‘Serpent’–who is also a popular NFT and crypto scam analyst– described how the scammers stole from a victim. On April 15, the victim had received multiple text messages asking to reset his Apple ID password. Later in the evening, he received a call from “Apple Inc”, which according to the analyst, was a spoofed caller ID. During the call, the scammers said there was suspicious activity on the victim’s Apple ID and asked for a one-time verification code. This is the six digit verification code sent out to a user when they want to reset their Apple ID password or even login from a different laptop or iPhone, iPad, etc.
After giving out the six digit verification code, the scammers hung up the call and in a matter of minutes, the victim’s MetaMask wallet was wiped clean. This took place because they got access to the MetaMask iCloud back up and the seed phrase which was stored online. Once the thieves had the Apple ID details, including the Two Factor Authentication (2FA) code, they were able to steal the rest of the details.
According to the scam analyst, 132.86 Ethereum worth $402,988 and Tether (USDT) worth $252,400 were stolen. In total, crypto worth $655,388 were stolen by the scammers.
How to disable cloud backups?
Metamask in a warning tweet has asked users to disable iCloud backups. If you’re a MetaMask user, here’s what you need to do:
Go to Settings > Profile > iCloud > Manage Storage > Backups, then turn off the toggle.
To ensure that iCloud will not “surprise” you with backups you didn’t allow, go to Settings > Apple ID/iCloud > iCloud Backup and turn it off.
Meanwhile, after MetaMask posted the warning today, “revive_dom”, the victim who lost crypto assets, expressed his protest with the crypto wallet company, noting that: “I’m not saying they shouldn’t do it but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90 per cent of the people knew this I would bet none of them would have the app or iCloud on.”