- Apple iCloud backups were used as a phishing tool
- The scammers had access to the MetaMask iCloud backup and the password, which was stored online
- Users must disable cloud backups to be safe
Crypto theft cases are rising in parallel to investments in digital assets. MetaMask, one of the best-known crypto wallets, sent out a warning on Twitter, showing how Apple iCloud backups could be used as a potential phishing tool, after a user lost $650,000 from his MetaMask wallet.
Scam involves device settings
The new scam involves specific default settings in Apple products like iPhones and iPads. When a user enables automatic backups for app data, the device stores the MetaMask user’s seed phrase in iCloud.
Users can store Bitcoin, Ethereum, Dogecoin, and non-fungible tokens (NFTs) on MetaMask. They need a password to gain access to the wallet, which is the ‘seed phrase’ in question.
How did the scam occur?
A pseudonymous NFT and crypto scam analyst described on Twitter how the scam occurred. The user got several text messages asking him to reset his Apple ID password. After that, he received a call that appeared to come from “Apple Inc”, which was a spoofed caller ID according to the analyst. During this call, the person pretending to be an Apple employee asked for a one-time verification code.
This is the six-digit code a user receives when they want to log in from a different device or reset their Apple ID password.
The call ended shortly thereafter. A few minutes later, the funds in the victim’s MetaMask wallet were gone.
Why could it occur?
The scammers had access to the MetaMask iCloud backup and the password, which was stored online. The cybercriminals could steal everything once they had the Apple ID details, including the two-factor authentication (2FA) code.
In total, the scammers stole crypto worth $655,388.
What you can do
To keep this from happening to you, you must disable cloud backups. This is how:
Go to Settings > Profile > iCloud > Manage Storage > Backups, then turn off the toggle.
Go to Settings > Apple ID/iCloud > iCloud Backup and turn it off.
The warning was posted by MetaMask yesterday, but it was too late. The victim who lost his crypto assets accused the crypto wallet company of deception, saying:
I’m not saying they shouldn’t do it but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90 per cent of the people knew this, I would bet none of them would have the app or iCloud on.