In a detailed Twitter thread on Sunday, the ConsenSys-owned crypto wallet warned of a security issue affecting users who run it on iPhone, Mac and iPad. By default, these Apple devices store the user’s seed phrase on iCloud when automatic backup for app data is enabled.
🔒 If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds. (Read on 👇) 1/3
— MetaMask 🦊💙 (@MetaMask) April 17, 2022
It is a major security flaw that allows attackers to target vulnerable users with phishing tactics and gain access to their MetaMask wallets.
Additionally, the crypto wallet provider shared the steps for disabling automatic app backups on Apple devices, which can prevent such attacks.
Users of this wallet are no strangers to phishing attacks; the platform has issued similar warnings before.
The latest warning about the vulnerability on Apple devices came after a MetaMask user lost $650,000 worth of cryptocurrencies and non-fungible tokens (NFTs) due to a specific security flaw.
The victim received multiple text messages from the attackers asking them to reset their Apple password. In addition, they received a fraudulent call from a spoofed caller ID; the caller posed as Apple and obtained from the victim a six-digit verification code to authenticate their ownership of the account.
The attackers subsequently accessed the MetaMask wallet and drained all the stored funds.
“I’m not saying they shouldn’t do it, but they should tell us,” the victim said after the MetaMask warning. “Don’t tell us to never store our seed phrase digitally and then do it behind our backs. If 90% of the people knew this, I would bet none of them would have the app or iCloud on.”