Threat Watch

MetaMask Warns Apple Users Over iCloud Phishing Attacks

ConsenSys-owned crypto wallet provider MetaMask has sent out a warning to the community regarding Apple iCloud phishing attacks. The security issue for iPhone, Mac and iPad users is related to a default device setting that stores a user’s seed phrase or “password-encrypted MetaMask vault” in iCloud if the user has enabled automatic backups for their application data. In a Twitter thread posted on Monday, MetaMask noted that users run the risk of losing their funds if their Apple password “isn’t strong enough” and an attacker is able to phish their account credentials. To fix the issue, users can disable automatic iCloud backups for MetaMask.

The warning from MetaMask came in response to reports from an NFT collector who goes by “revive_dom” on Twitter, who stated on Friday that their entire wallet containing $650,000 worth of digital assets and nonfungible tokens (NFTs) was wiped via this specific security issue. They noted that the victim received multiple text messages asking to reset their Apple ID password, along with a supposed call from Apple that ultimately turned out to come from a spoofed caller ID.


It is important to be wary of the phishing methods used in this scam. The attacker spoofed an Apple phone number, called the victim, and asked for their multifactor verification code. Companies like Apple will not call users to verify accounts. Phone numbers are very easy to spoof, so it is important not to trust a caller purely based on caller ID if other things about the interaction are suspicious. If you receive a call from an organization asking for account information, it is highly recommended that you not provide the caller with details and instead contact the company directly using a verified support number listed on its website.