MetaMask Urges Users to Disable Automatic iCloud Backups on Apple Mobile Devices After Hacker Steals $650,000 Worth of Digital Assets

The hacker used a caller ID spoofer to pose as an Apple representative to retrieve a password reset code to the victim’s iCloud account.

Quick take:

  • A MetaMask user named Domenic Iacovone had the entire contents of his MetaMask wallet wiped out.
  • A hacker gained access to Iacovone’s iCloud account and stole his wallet’s private keys.
  • Apple mobile devices can automatically upload app data, including private keys.

Web3 wallet MetaMask advised Apple users to disable automatic iCloud backups on their mobile devices after an iPhone user had $650,000 worth of NFTs and cryptocurrency stolen from his MetaMask wallet.

A MetaMask user named Domenic Iacovone had the entire contents of his MetaMask wallet wiped out after receiving a call from a scammer posing as an Apple representative. On Apr 15, Iacovone received multiple SMS messages asking him to reset his Apple ID password.

The hacker then used a caller ID spoofer to call Iacovone, claimed there was suspicious activity, and asked for a one-time verification code as proof of ownership of his Apple ID account, according to Twitter user Serpent, the founder of crypto-security firm Sentinel.

Serpent explained that MetaMask users’ seed phrases are automatically saved on iCloud. “The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim’s MetaMask,” he added.

Apple’s mobile devices automatically upload app data, including private keys, during iCloud backups, which can result in stolen assets. In response to Serpent’s Twitter thread, MetaMask provided instructions on how users can turn off automatic iCloud backups for the wallet.

Iacovone said that he lost six NFTs (MAYC #28478, #8952 and #7536, and Gutter Cat #2280, #2769 and #2325), along with 100,000 ApeCoin, 132.86 ETH and 252,400 USDT, totalling $655,388. He is offering $100,000 as a reward for anyone who can retrieve and return the stolen assets to him, and said in an update that OpenSea is flagging the stolen NFTs as suspicious.

It appears that this incident occurred due to a security oversight on Iacovone’s part combined with a native feature on Apple devices that can be disabled. 

The NFT space has suffered from several phishing attacks over the past few months. Last month, DeFiance Capital founder Arthur Cheong fell victim to a spear-phishing attack linked to North Korean state-sponsored cybercrime groups BlueNoroff and Lazarus Group.

Earlier this month, a hacker posted a phishing link to Bored Ape Yacht Club’s Discord channel and managed to steal a Mutant Ape NFT. Other NFT-related Discord channels were also compromised at the same time.

With phishing attacks and scams rampant in the NFT space, crypto security experts such as Serpent have advised users to store their assets in cold wallets, protect their information, and never give out verification codes to anyone. 
