Metamask issued a series of tweets on Sunday, August 17th, advising users to disable automated iCloud backups to protect themselves against hackers.
This comes after a phishing attack exploiting Metamask’s iCloud capability resulted in the loss of $670k in assets for one Metamask user.
Auto iCloud Backups Disabled
To combat phishing or hacker threats, Metamask recently advised its users to discontinue automatic iCloud backups. One of the most popular Web3 wallets is Metamask. It primarily uses DeFi and NFT assets across many chains, notably BNB and Ethereum.
Metamask said yesterday that its users should turn off automatic iCloud backups. Metamask sent out a slew of tweets. They claim that if they enable iCloud backup for app data, their password-encrypted MetaMask vault will include. If the password isn’t strong enough and their iCloud credentials phishes, money is stolen.
Metamask said in the same discussion that investors might turn off this feature. To do so, go to Settings > Profile > iCloud > Manage Storage > Backups and toggle off the toggle here. They also provided the option to totally disable the service in order to prevent future unrequested backups. Users can simply go to Settings > Apple ID/iCloud > iCloud > iCloud path.
Protection from Phishing
The goal of Metamask’s tweet was to keep users protected from financial threats. A Metamask user lost roughly $655k a few days ago. This happened after their iCloud backup was hacked via phishing. Domenic Iacovone’s account was hacked, and the Keystore was stolen.
According to Domenic, the attack began when he received a call from an Apple phone number. They requested that he provide a code delivered to his phone in order to have his Apple ID password changed. The criminals changed the password and gained access to the private key file almost immediately after receiving the code.
The crooks subsequently gained direct access to Domenic’s wallet and stole his entire contents. A few seconds later, Domenic added, the entire Metamask wallet wiped clean.
Domenic’s wallet contained a variety of NFT and DeFi assets. For example, the wallet included three gutter cats (2280, 2325, and 2769) as well as three Mutant Ape Yacht Club cards (28478, 7536, 8952). Furthermore, the wallet contained APE tokens worth $100,000, according to Lacovone.
Domenic was quick to notice and issued a tweet about the goings-on, even going so far as to clarify the situation. He has even offered a $100,000 reward to anyone who can help recover the entire sum. Domenic, on the other hand, possibly got some of his assets back once Opensea reported them as missing.
This tweet, however, appears to have elicited an immediate response from Metamask. As a result, Metamask advises customers to disable the automatic iCloud backup rather than using it to avoid phishing.
Prevalence of NFT Hacking
In the NFT space, phishing and hacking are common occurrences. In the past, even Metamask has been a target of such attacks. Several incidents of NFT phishing on Opensea and other marketplaces this year have resulted in millions of dollars in losses. In the NFT realm, other types of hack assaults have also become popular.
Last month, 35 NFTs reported stolen in less than a week. Several Twitter accounts hijacked and phishing links sent out. However, delivering security measures to users via such platforms can assist safeguard them from future attacks.
