Hackers steal $655K after picking MetaMask seed from iCloud backup

MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple’s iCloud if app data backup is active.

MetaMask is a “hot” cryptocurrency wallet used by over 21 million investors to store their wallet tokens and manage their digital assets.

In cryptocurrency lingo, a seed is a secret recovery phrase consisting of 12 words that protect access to the wallet’s content. Storing the wallet seed in iCloud practically means that if an owner has their Apple account compromised, their digital assets are also at risk.

Real phishing case

Unfortunately, the scenario above was already used against at least one MetaMask user who has lost over $655k as a result of a well-crafted phishing attack.

The target received multiple text messages asking to reset his Apple account and the attacker then followed up with a call from a spoofed Apple Inc. number pretending to be the firm’s support agents investigating suspicious activity on his account.

The victim followed the instructions and provided the fake support agents the six-digit verification code received from Apple. Soon, his MetaMask wallet was emptied.

The hackers had already requested one final Apple account password reset and all they needed was the additional verification to access the victim’s iCloud data where the MetaMask seed was backed up. This allowed them to steal $655,388 worth of crypto.

What to do

To keep your digital assets safe from such tricky attacks, make sure to exclude MetaMask from iCloud backups via Settings > Profile > iCloud > Manage Storage > Backups.

The two-factor authentication code is a temporary secret that should not be shared with anyone, regardless how convincing a call, email, or SMS may appear. Official representatives would never ask for it.

Additionally, cryptocurrency users can keep their assets safer in a cold wallet if they’re not actively trading them instead of the MetaMask hot wallet.

Finally, keeping your investments out of social media and other public channels make you less of a target as hackers are keeping an eye for fresh, high-value victims.

Leave a Comment

Your email address will not be published. Required fields are marked *