MetaMask, a ConsenSys-owned wallet provider, has warned Apple users about the iCloud phishing attacks. It highlighted that users can risk losing their funds if their Apple password is not strong enough. Weak passwords empower the hacker to phish the account credentials.
As such, MetaMask urged users to disable automatic iCloud backups. It highlighted that if the password is not strong enough and someone phishes the iCloud credentials, it can result in stolen funds. The warning came after an NFT collector – revive_dom – stated on April 15 that the wallet containing $650,000 worth of digital assets and NFTs were exploited due to a security issue.
DAPE NFT project founder, Serpent, highlighted that the victim received multiple text messages telling the user to reset his Apple ID password, with a supposed call from Apple which proved to be a spoofed called ID. Unaware of security risks, revive_dom gave the six-digit verification code to prove that they were the owner of the Apple account. The hackers hung up and accessed the user’s MetaMask account through data stored on the iCloud. As such, hackers made off with 132.86 ETH worth around USD 402,988, and 252,400 USDT. It totaled $655,388 worth of digital assets.
Serpent advised its followers through a tweet to always use a cold wallet to store valuables, not to give away verification codes to anyone, caller information spoofs, and not to give away phone numbers or personal email.
The user who lost their digital assets expressed frustration with MetaMask. Revive_dom said not to say to never store seed phrase digitally and then do it behind the users’ backs. The user pointed out that if 90% of the people knew this, none of them would have the app or the iCloud on. However, many highlighted the importance of using cold storage and the dangers of storing assets in a hot wallet.