Articlesยท$650K MetaMask & iCloud Hack, Here's How to Stay Safe

$650K MetaMask & iCloud Hack, Here's How to Stay Safe

Jason Bales
$650K MetaMask & iCloud Hack, Here's How to Stay Safe

Over the weekend, a new MetaMask and iCloud phishing scam cost one web3 user over $650,000 when he accidentally reset his Apple ID password for the hacker. But how did the scammer gain access to this victim's MetaMask with just his Apple ID and iCloud password?

Here's how the new phishing attack works and how to stay safe.

 

New MetaMask & iCloud Phishing Scam

MetaMask saves your seed phrase file on iCloud via its mobile application if you have enabled iCloud backup for app data, which is default and commonplace for iPhone users. If a hacker gains access to your iCloud account, they have access to your password-encrypted MetaMask vault, which gives them access to your seed phrase.

Once a hacker has access to your seed phrase, it's game over. They can access your MetaMask crypto wallet and drain your entire account in minutes.

In this specific case, the scammer sent multiple Apple ID password reset requests to the victim's iCloud account. This was intended to make it look like a suspicious hacking attempt was currently taking place.

Then, the scammer called the victim from a phone number with Apple Inc. as the caller ID. They claimed to be Apple support and requested to reset the victim's Apple ID password. The scammer sent a code to the victim, who then gave the code to the scammer, and that's all it took. 

The scammer hung up the phone, used the code to reset the victim's Apple ID password, logged into the victim's iCloud account, found the victim's seed phrase, and drained the victim's account of over $650,000 in cryptocurrencies.

 

How to Stay Safe From This MetaMask & iCloud Hack

There are a few best practices to stay safe from phishing scams like the one mentioned above:

  1. Use a cold wallet to store your cryptocurrencies. The two most popular hardware wallets, also called offline wallets, are Ledger and Trezor.
  2. Always protect your personal data and never give access codes to anyone. Scams and hacks are getting more elaborate, and it is sometimes difficult to tell what is real and fake. Err on the side of caution.
  3. Never tell anyone your seed phrase. Always keep it offline.

To combat this specific phishing scam, MetaMask suggests disabling iCloud backup for MetaMask's application. To do this, go into your iPhone's settings, then go to Profile --> iCloud --> Manage Storage --> Backups. Turn off the toggle.

You can also turn off iCloud backup by going into your iPhone's settings and choosing Apple ID/iCloud --> iCloud --> iCloud Backup. Turn off the toggle.

Stay safe out there.

Author Bio
Jason Bales
Jason is an NFT lead at Lucky Trader. He has been involved in the NFT space since CryptoKitties in late 2017 and got involved in NBA Top Shot in early 2021 (Series 1 Legendary From The Top LeBron James Block, anyone?). Now, he spends most of his days yelling, "get off my lawn" at the PEPE and Nakamigos kids.
Disclaimer: The author or members of the Lucky Trader staff may own NFTs discussed in this post. Furthermore, the information contained on this website or the Lucky Trader mobile application is not intended as, and shall not be understood or construed as financial advice. AI may have assisted in the creation of this content.
Lucky Trader
Lucky Trader
Latest NFT NewsLucky Trader News APIJobs2.5 NFT News Discord BotSitemapAll Projects ListSign up for our Newsletter
Popular Articles
Everything You Need to Know About DraftKings ReignmakersHow to Buy Your First MoonbirdHow to Buy Your First Doodles NFTHow to Buy Your First Cryptopunk
About Lucky TraderAuthorsOur Publishing CharterContact us
Get the app on
Available on iOSAvailable on Android
ยฉ 2023 Lucky Ducks, Inc
Privacy PolicyTerms of Use
About Lucky TraderAuthorsOur Publishing CharterContact us