MetaMask, a cryptocurrency wallet and blockchain app gateway (https://metamask.io/) used by 21 mil+ investors, Tweeted a warning (raw link at bottom) to iOS users that if they have iCloud backup enabled, their wallets could be hacked if someone phishes their iCloud credentials.
With iCloud backup enabled, a user’s crypto “seed” (a key to their account, typically ~12 words) may be used by anyone to steal their assets.
@sentinelwtf founder @serpent shares that a MetaMask user (@revive_dom) lost $655k in a phishing attack: “MetaMask actually saves your seed phrase file on your iCloud. The scammers requested a password reset for the victim’s Apple ID. After receiving the 2FA code, they were able to take control over the Apple ID, and access iCloud which gave them access to the victim’s MetaMask.”
Experts with Cyvatar and Shared Assessments offer comments.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
