On Easter Sunday, April 17, a phishing attack happened to a MetaMask user where the hackers stole $655K after they got access to the user’s MetaMask seed through their iCloud backup data.
According to the user, he received multiple text messages asking to reset his Apple account and the scammer then followed up with a call from a spoofed Apple Inc. number pretending to be the firm’s support agents investigating suspicious activity on his account.
Without suspicion, the victim followed the instructions given by the fake support agents and provided the six-digit verification code received from Apple. Turns out, the hackers had already requested one final Apple account password reset and all they needed was the additional verification to access the victim’s iCloud data where the MetaMask seed was backed up. As soon as they got the verification, the victim’s MetaMask wallet was emptied.
After the incident, the crypto mobile wallet MetaMask published a twitter thread to warn their iOS users about the seeds of cryptocurrency wallets being stored in Apple’s iCloud if app data backup is active.
What is a seed phrase?
A seed phrase is a secret recovery phrase (SRP) consisting of 12 or so words that protect access to the wallet’s content. It gives users access to the crypto associated with that wallet. In other terms, the seed phrase functions as the crypto wallet’s master password, and cannot be changed.
This is the reason why SRPs are recommended to be stored offline: written on paper and hidden somewhere safe. Consequently, if a user stores their wallet seed in iCloud it practically means that if their Apple account is compromised, their digital assets are also at risk.
To further avoid this incident from repeating, MetaMask suggests that users must make sure to exclude MetaMask from iCloud backups via Settings > Profile > iCloud > Manage Storage > Backups.
Globally, Metamask is the leading crypto wallet with 30 million reported monthly users. In the Philippines, BitPinas exclusively received a report from Metamask that by the start of 2022 the crypto wallet has reached 3.57 million Filipino users, which is a 78.5% increase from the previously reported 2 million Philippine users last August 2021.
Despite this attack, MetaMask recently announced that with their recent IoS update, iPhone users will now be able to buy cryptocurrency using a debit or credit card through the mobile Apple Pay application, eliminating the need to transfer Ether (ETH) from a centralized exchange into the application. (Read more: MetaMask: iPhone and Apple Pay Users Can Now Buy Crypto)
This article is published on BitPinas: Hackers Steal $655K After Extracting MetaMask Seed From iCloud Backup
Disclaimer: BitPinas articles and its external content are not financial advice. The team serves to deliver independent, unbiased news to provide information for Philippine-crypto and beyond.