The popular digital currency wallet MetaMask has warned users of a security flaw in Apple’s cloud storage. The warning came as reports of stolen funds surfaced on Twitter over the past few days.
It turns out that a feature the tech giant Apple intended to help users save passwords and time might be a security flaw that could endanger one’s digital assets. The ConsenSys-backed digital currency wallet took to Twitter to explain that “iCloud backup for app data” will also include “your password-encrypted MetaMask vault.”
“If your [iCloud] password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds,” MetaMask tweeted on Sunday.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
Simple flaw leads to a huge loss
In the same Twitter thread, the digital currency wallet provider advised users to turn off automatic data backup. The guidance came after a user called “revive_dom” reported a loss of 6 non-fungible tokens (NFTs), including three Mutant Ape Yacht Club (MAYC) collectibles, and more than $250,000 worth of ApeCoin (APE).
According to DAPE and Sentinel founder Serpent, the stolen digital collectibles are worth 132.86 Ethereum ($402,980), with the total amount of the stolen digital assets reaching roughly over $650,000.
5) The scammer will have access to the victim's iCloud account, giving them free access to everything, including all the data MetaMask stores on iCloud
132.86 ETH ($402,988 USD)
— Serpent (@Serpent) April 17, 2022
According to Serpent, the scam was a phishing attack. First, the fraudsters made several password reset requests “to make the victim suspicious.” Then, with some help from “caller ID spoofers,” the scammers called their target, claiming to be Apple customer service and asking for the two-factor authentication (2FA) code.
After getting the 2FA verification code, the phishers were able to get control of the victim’s iCloud account, which had the user’s MetaMask wallet password.
Hacks and scams in the industry
With the rise of digital currencies in the past year, scams and thefts have risen as well. Some hackers stole hundreds of millions of dollars worth of virtual currencies, leading to more than $14 billion stolen in 2021 alone.
According to a CNBC report, digital theft rose by 516% last year from 2020. This year hasn’t been going well either, since hackers have already stolen more than a billion dollars.
As per a Yahoo Finance report, scammers looted $1.22 billion from digital currency investors in the first quarter of 2022. The majority of the funds came from the Wormhole ($325 million) and Ronin bridge ($615 million) hacks.