MetaMask Warns Users About Phishing Attacks Through iCloud


Cryptocurrency wallet MetaMask has warned its users of iCloud phishing attacks that could allow hackers to steal coins and NFTs. The warning came after one of its users tweeted that attackers posing as Apple had cleaned out his MetaMask wallet.

MetaMask Wallet User Faces Phishing Attack

Last week, a MetaMask wallet user with the Twitter name Domenic Iacovone informed the NFT community that he was the victim of a targeted phishing attack. Iacovone said he received a phone call from a number displayed as “Apple” on his caller ID. After he called the number back, the representative asked for a code sent to Iacovone’s phone. Soon after, his entire MetaMask wallet was wiped out.

The stolen tokens include 6 NFTs, namely MAYC 28478, MAYC 8952, MAYC 7536, Gutter cat 2280, Gutter cat 2769, and Gutter cat 2325. The attackers also made off with roughly $100,000 in ApeCoin.

MetaMask Recently Expanded into Apple Ecosystem

Last month, MetaMask issued an update that allowed its users to buy crypto through Apple Pay. Previously, users would have to transfer ETH tokens to their wallets in order to make transactions. This incentivized Apple users to integrate their MetaMask wallets with the rest of their ecosystem.

A Twitter user named “Serpent,” who is the founder of the DAPE NFT project, provided more details about the attack and valued the stolen tokens at approximately $650,000.

The attackers used a spoofed caller ID number to call Iacovone, warning him of suspicious activity on his Apple ID. Next, they requested a verification code sent to his phone in order to confirm that he was the real owner. However, this code allowed the attackers to reset the victim’s password, thereby gaining access to his iCloud account, including all the MetaMask data stored there.

“MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim’s MetaMask,” Serpent stated.

Users Urged to Use Strong Passwords

After this incident, MetaMask put out a tweet explaining how the threat actors are executing the phishing attack.

“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” the company said. It also provided instructions on how to disable iCloud backups, including unrequested backups.


Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.