One user revealed that he lost more than half a million dollars from his Metamask wallet, after receiving an alleged password reset request from Apple.
The popular wallet ethereum, meta maskis alerting its users of iPhone, Mac Y iPad about possible phishing attacks through the service iCloud from Manzana.
The wallet provider owned by ConsenSys posted a thread tweet on Sunday warning the users who could be at risk of losing their funds if their Apple password”It’s not safe enough.”
The company explained that the window to possible attacks lies in the fact that encrypted passwords, called vaults meta maskare automatically uploaded to the cloud service of Manzanaunless the backup option of iCloud is disabled.
This automatic feature could ultimately result in credential theft via a phishing attack. In short, if the account iCloud of a user is compromised, all of their linked cryptocurrency wallet passwords could be as well.
You can disable iCloud backups for MetaMask specifically by turning off the toggle here:
Settings > Profile > iCloud > Manage Storage > Backups.
— MetaMask ???????? (@MetaMask) April 17, 2022
User lost USD $650,000 from his Metamask
in the thread of tweetthe company explained to users how they can disable automatic backups of iCloud for meta mask. To apply the configuration, they must access on their devices “Settings > Profile > iCloud > Manage Storage > Backups“, as indicated by the firm.
It should be noted that in an attack by phishinga term that refers to the sport of fishing, hackers imitate a trusted company, website, or application to steal passwords and extract funds from users who access the fake site under the illusion that it is legitimate.
The warning comes after a collector of tokens non-expendable property (NFT) reported a loss of USD $650,000 in assets and collectibles stored in your meta mask. The user identified as “Domenic Iacovone” reported on Twitter who had received several text messages and an alleged call from Manzana that asked you to reset the password of your ID Manzana.
I literally got a phone call from Apple [decía] Apple (on my caller ID). I called back because I suspected fraud and it was an Apple number. So I believed them. I was asked for a code which was sent to my phone and two seconds later my entire MetaMask was wiped.
The victim provided a six-digit identification code to prove ownership of the Apple account that the malicious actors then used to access their account. meta mask and steal the funds. He said that his wallet contained several NFTs from the popular collection Mutant Ape Yacht Club (MAYC), as well as funds in cryptocurrencies.
Beware of Apple imitators
the founder of Dape NFTnicknamed “Serpent” on Twitter, explained that “MetaMask actually saves your seed phrase file to your iCloud“. In a thread tweethe provided some details on how the campaign operates and alerted his more than 250,000 followers.
“The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control of the Apple ID and access iCloud, which gave them access to the victim’s MetaMask.”.
In the meantime, the victim has offered a $100,000 reward for assistance in recovering his funds. Iacovone too express his frustration after meta mask will post a warning; he stressed that the company should give users more details about how the app works.
I’m not saying they shouldn’t, but they should tell us. Don’t tell us never to store our seed phrase digitally and then do it behind our backs. If 90% of people knew this, I’d bet none of them would have the app or iCloud turned on.
Article by Hannah Estefanía Pérez / DailyBitcoin
WARNING: This is an informative article. DiarioBitcoin is a means of communication, it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. May not be suitable for retail investors as the full amount invested could be lost. Check the laws of your country before investing.