After a phishing attack on crypto wallets, MetaMask issued a warning to all those who are using iCloud to back up their data on the internet. Your data is at risk if you are using an Apple device unless you disable the automatic backup option from the settings section manually.
According to the data, only a handful MetaMask users know about this feature out of its thirty million users. This attack involves getting your synchronized data from the cloud server and resetting the credentials. Afterwards, they access the device by using the password recovery method.
This Scam targets Apple Device Users
This attack starts with an alleged call from Apple, but if you check deeply, you will see that it’s a spoofed number. If you are well connected to the technology, you will probably know that this is something else because of the no-call policy of Apple.
When users pick up the call, the attacker will claim to be calling from the security department of Apple and say that their iCloud account is compromised. You will receive a security code that the attacker will claim that they sent and ask you for it.
If you dig deep, this works as the attacker generates a security code through the iForgot feature of iCloud. For those who already have their security code, attackers have complete access to their accounts as they reset their passwords. Some unlucky crypto lovers who saved their MetaMask security phrase on iCloud have unintentionally shared it with attackers.
As soon as they get the security phrase, it will be better than a few seconds before they empty your crypto wallet. The biggest phishing attack till this is the one where the owner lost around six hundred and fifty thousand dollars worth of assets. Recent research states that more than a million MetaMask users are at the risk of this attack because of their data on iCloud.
Half million-dollar Theft from Crypto Wallet
An unlucky phishing attack victim lost Ape Coins, NFTs, Ether, Tether, and various other digital assets valued from a few hundred thousand dollars to eighty thousand dollars, and some were of smaller value. This scam takes place in a few minutes, all thanks to an automated script that lets them drain the crypto wallet once attackers get their hands on the recovery code.
To stay safe from this scam, keep in mind that Apple never calls its customers on the phone when it comes to account issues, and text messages are also rare. If something suspicious like this comes up, contact Apple through some other method to confirm whether they are trying to reach you or is it just a scam. Check the cloud storage from time to time to learn about apps that are using it.