Users’ password-protected MetaMask vaults will be backed up on iCloud, according to the blockchain startup. The vault might be stolen or penetrated if the password isn’t strong enough.
That seems to be a real possibility. Domenic Iacovone, a MetaMask user, turned to Twitter on April 14 to report that his cryptocurrency wallet had been hacked. Non-fungible tokens (NFTs) and around $100,000 in Apecoin were among the digital assets that were lost.
When Iacovone got a call on his iPhone that appeared as an Apple number on caller ID, the story began, he claimed. Calling back, fraudsters requested a code that had been supplied to his mobile phone. His wallet was deleted in a matter of seconds after that.
They got into his iCloud account by calling him and asking for his two-factor authentication code, which they obtained via phishing. They were able to breach his MetaMask vault and take his valuables when he supplied it.
Users may stop iCloud backup for MetaMask under the Manage Storage area of their iCloud settings, according to MetaMask.
Avoiding providing personal information over the phone is another way to guard against phishing scams. Common among fraudsters is the use of a fictitious phone number or caller ID tag. A two-factor authentication code will never be requested by phone from Apple.
Instead of phoning back a phone number, customers can look out the company’s official customer service phone number on the company’s website.
The theft of NFTs or cryptocurrencies in a phishing attempt is nothing new. Digital assets worth more than $1.7 million were taken by hackers in February from OpenSea users.