Apple User Lost $650k In iCloud Crypto Scam

Apple User Lost $650k In iCloud Crypto Scam

Iacovone recalls receiving a phone call that appeared to come from Apple, and despite initially believing it to be fraudulent, the call was spoofed to look like it came from the company’s online store. He attempted to redial the number, and connected with a scammer who said his Apple account was compromised and requested a six-digit verification code sent to Iacovone’s phone. He obliged, giving the scammer all they needed to take control of the iCloud account. However, since the seed phrase for the MetaMask wallet wasn’t stored on an iCloud file, users were puzzled as to how the crypto was stolen with just an Apple ID and password.
As it turns out, an iOS setting that can backup application data can automatically load seed phrases into the cloud, unbeknownst to users. “If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault,” the official MetaMask account confirmed in a Tweet. “If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.” According to the company, there is a way to disable this feature, with a settings menu found by navigating to Settings > Profile > iCloud > Manage Storage > Backups. However, it has sparked online debate about app transparency, and Iacovone himself has demanded MetaMask to make it clearly stated that iCloud backups could compromise a cryptocurrency seed phrase.
Source: Dominic Iacovone/Twitter, MetaMask/Twitter , CNET

#Apple #User #Lost #650k #iCloud #Crypto #Scam

Apple User Lost $650k In iCloud Crypto Scam

Iacovone recalls receiving a phone call that appeared to come from Apple, and despite initially believing it to be fraudulent, the call was spoofed to look like it came from the company’s online store. He attempted to redial the number, and connected with a scammer who said his Apple account was compromised and requested a six-digit verification code sent to Iacovone’s phone. He obliged, giving the scammer all they needed to take control of the iCloud account. However, since the seed phrase for the MetaMask wallet wasn’t stored on an iCloud file, users were puzzled as to how the crypto was stolen with just an Apple ID and password.
As it turns out, an iOS setting that can backup application data can automatically load seed phrases into the cloud, unbeknownst to users. “If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault,” the official MetaMask account confirmed in a Tweet. “If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.” According to the company, there is a way to disable this feature, with a settings menu found by navigating to Settings > Profile > iCloud > Manage Storage > Backups. However, it has sparked online debate about app transparency, and Iacovone himself has demanded MetaMask to make it clearly stated that iCloud backups could compromise a cryptocurrency seed phrase.
Source: Dominic Iacovone/Twitter, MetaMask/Twitter , CNET

#Apple #User #Lost #650k #iCloud #Crypto #Scam