MetaMask Warns Mobile Wallet Users of iCloud Phishing Attacks

MetaMask, the ConsenSys-owned cryptocurrency wallet provider, has sent out a notification to its community warning them that they may be susceptible to ongoing phishing attacks if they make use of Apple iCloud.

The security issue for Mac, iPad, and iPhone users relates to the default device settings. These settings store and automatically backup the users’ app data if they opted for automatic backups on their devices.

MetaMask has warned its community that the MetaMask app data includes the user’s seed phrase for their wallets and that the seed phrase will be stored online with automatic backups–posing a serious threat to the security of the user’s cryptocurrency funds.

In a tweet made by MetaMask on April 18, the cryptocurrency wallet provider noted that users may end up losing all of their funds if their Apple password “isn’t strong enough”. The wallet provider also added that a cybercriminal will then be able to phish the user’s account credentials, giving them access to the funds in the breached wallet.

To fix the issue, it is recommended that users disable automatic iCloud backups for MetaMask.

MetaMask’s warning to its community came in response to an NFT collector who goes by “revive_dom” on Twitter. The Twitter user reported on April 15 that their entire MetaMask wallet containing digital assets and NFTs, approximately worth $650,000, was completely wiped through this specific security issue.

Following MetaMask’s warning, “revive_dom” expressed his frustrations, posting that: “I’m not saying they shouldn’t do it but they should tell us. Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90% of the people knew this, I would bet none of them would have the app or iCloud on.”