MetaMask, a popular crypto wallet, has warned iPhone users about potential phishing attacks. MetaMask has issued this advisory after a user reported a loss of $650K worth of cryptocurrencies on Twitter.
A Twitter user named Serpent has raised the alarm about a loss of funds from a single individual wallet and cautioned users about more such scams. This phishing attack is mainly tagged to Apple devices, where users backed up the secret seed phrase to their iCloud backups.
Metamask issued a list of caution that Apple users must take to avoid falling victim to such phishing attacks. In a series of tweets, Metamask requested users to disable their automatic backups to iCloud or simple exclude Metamask from their regular backups.
Phishing Attack through iCloud
According to Metamask, an iCloud account with automatic backup syncs ‘Password-encrypted MetaMask vault’. Hence, a compromised iCloud account could give the scammer access to the blockchain wallet.
Users who want to stay safe from any such scam through their iCloud account should use the below steps to disable their auto iCloud backup or exclude MetaMask to avoid getting seed phrases saved into the could.
Settings > Profile > iCloud > Manage Storage > Backups
Avoid saving Seed Phrase to Cloud.
The MetaMask advisory is mainly concerned with iCloud users; however, such an attack can happen to any cloud storage such as Google Drive or Onedrive.
Saving seed phrases in could storage gives hackers indirect access to your blockchain wallet through penetrating your cloud account.
Metamask is a non-custodial wallet that means any attack on your wallet or stolen funds can not be reversed or restored. Metamask suggests avoiding installing malicious software to the system or storing the secret recovery phrase on your computer.