
Following Apple Pay integration, Apple users on MetaMask are at risk of losing their cryptocurrencies due to an ongoing phishing attack.
On Twitter, MetaMask developers warned their users about an ongoing phishing attack that impersonates Apple Inc. to trick victims and gain access to their data stored in iCloud, with the aim of stealing their cryptocurrency.
The attack, as reported by the wallet, endangers the seed phrases of cryptocurrency wallets on devices that have iCloud backup enabled for MetaMask data and do not have a sufficiently secure password.
More than $650,000 stolen from MetaMask
Although MetaMask has not confirmed any theft so far, one user of the crypto wallet claims to have lost over $650,000 in this phishing attack.
The affected user said he had received several text messages asking him to reset his Apple password due to suspicious activity, which made him think his account was compromised. Following this, the user received a support call, where the cybercriminals impersonated Apple Inc. staff using a spoofed caller ID.
In the call, the cybercriminals confirmed that there was suspicious activity and offered to help the user supposedly secure their account. They then requested Apple’s one-time verification code (2FA), tricking the victim into believing that it was a requirement to prove that they were speaking to the account owner. This one-time verification code is private and is required when signing in to new Apple devices.
Once the user sent the code, the cybercriminals were able to access the user's account. They cut off the call and, minutes later, restored the user's MetaMask wallet, stealing the cryptocurrency funds stored in it.
iCloud stores MetaMask seed phrases
The security analyst, known on Twitter as “Serpent,” explained that the theft was possible because MetaMask seed phrases are stored in iCloud when users have enabled data backup on Apple Inc.’s cloud.
“The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control of the Apple ID and access iCloud, which gave them access to the victim’s MetaMask,” the security analyst said.
In total, the user affected by this phishing attack lost 132.86 ETH, worth over $402,000, and another $252,400 in the Tether (USDT) stablecoin.
“Serpent” reminded MetaMask users and the crypto industry in general of the importance of storing high-value assets in hardware wallets or cold wallets, which provide a high level of security by remaining disconnected from the internet. In addition, the security analyst noted that companies like Apple will never call their users, so under no circumstances should private data, such as passcodes, passwords, PINs, and 2FA, be provided to anyone over the phone.
MetaMask developers also recommend disabling iCloud backups for wallet data. They also advise users that they can disable this backup feature to prevent iCloud from surprising them with unsolicited backups in the future, which could put their funds at risk.


