Hand holding mobile with MetaMask app running at smartphone screen with MetaMask logo at background.

iCloud users might be in danger losing their assets, MetaMask warns

The popular digital currency wallet, MetaMask, warned users of a security flaw in Apple’s cloud storage. The warnings came in when stolen fund reports surfaced on Twitter in the past few days.

Turns out, what the tech giant Apple thought could help MetaMask users help save passwords or time might be a security flaw that could endanger one’s digital assets. The ConsenSys-backed digital currency wallet took to Twitter to explain that “iCloud backup for app data” will also store the credentials of “your password-encrypted MetaMask vault.”

“If your [iCloud] password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” MetaMask tweeted on Sunday.

Simple flaw leads to a huge loss

Moreover, the digital currency wallet provider guided users to turn off the automatic data backup in the same Twitter thread when a user called “revive_dom” reported a loss of 6 non-fungible tokens (NFTs), including three Mutant Ape Yacht Club (MAYC) collectibles, and more than $250,000 worth of ApeCoin (APE).

According to DAPE and Sentinel founder Serpent, the stolen digital collectibles are worth 132.86 Ethereum ($402,980), with the total amount of the stolen digital assets reaching roughly over $650,000.

The scam was, according to Serpent, a phishing attack. Firstly, fraudsters made several password reset requests “to make the victim suspicious.” With some help from “caller ID spoofers,” the scammers called their prey, stating to be Apple customer service while asking for the two-factor authentication (2FA) code.

After getting the 2FA verification code, the phishers were able to get control of the victim’s iCloud account, which had the user’s MetaMask wallet password.

Hacks and scams in the industry

With the rise of digital currencies in the past year, scams and thefts have risen nonetheless. Some hackers stole hundreds of millions of dollars worth of virtual currencies, leading to more than $14 billion stolen in 2021 alone.

According to a CNBC report, digital theft rose by 516% last year from 2020. On the other hand, this year hasn’t been going so well either since hackers have already stolen more than a billion dollars.

As per a Yahoo Finance report, scammers looted $1.22 billion from digital currency investors in the first quarter of 2022. The majority of the funds were from Wormhole, $325 million, and Ronin bridge, $615 million hacks.

Watch: CoinGeek New York presentation, FYI: Better Information Tools for a More Lawful Blockchain Industry

YouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.