MetaMask warned Apple users to beware of phishing attacks on April 17 after an iPhone user had $650,000 in NFT and ApeCoin (APE) hacked.
Several weeks ago, MetaMask expanded to the Apple ecosystem. This allows users to purchase digital assets with Apple Pay. Customers were allowed to buy cryptocurrencies with debit or credit cards, removing the need to send ETH to the application in advance.
« Buy crypto on iOS with Apple Pay, more transparency when interacting with sites and support for gas-free transactions when relevant ”, said the team behind MetaMask.
In a recent tweet, however, the wallet the cryptocurrency exchange has warned Apple users that they may be victims of phishing. MetaMask advised them to create a strong password, otherwise criminals can steal their funds. In addition, Apple stores the password on iCloud by default when automatic backup of application data is enabled.
This is a major security flaw. It allows attackers to target vulnerable users with phishing tactics, gaining access to their MetaMask wallet.
In addition, the crypto wallet provider shared the process of disabling automatic application backups on Apple devices, which can prevent such attacks.
A user who has lost everything
On April 15, a Twitter user, Domenic Iacovone, complained that he had lost all the non-fungible tokens (NFTs) in his wallet. It consisted of three Mutant Apes, three Gutter Cats and $100,000 in ApeCoin. Learn all about ApeCoin here.
Iacovone says he received a call on his phone that was reported to be an Apple company number. He did not pick up the phone at first, but called back since the caller ID indicated that it was an Apple number.
However, the caller was a scammer using a spoofed number. He asked Iacovone for a code sent to his phone posing as an Apple representative. Iacovone said that he lost everything contained in his Metamask wallet a few seconds after communicating the code to the scammer.
Explanation of the attack
The Twitter user @Snake, founder of the Sentinel cryptographic threat mitigation system, explained the process of the phishing attack. According to him, the attacker used a spoofer caller ID number. This made it look like the call was coming from Apple. All he had to do was pretend that there was suspicious activity on the account.
The scammer then requested a reset of the victim’s Apple ID password. The victim received a code for the reset, and the scammer asked him for this code, pretending that it was to verify the Apple ID.
In reality, the scammer uses the code to reset the victim’s password. He thus gains access to the iCloud account. If MetaMask’s data is stored on iCloud, they can access it and steal the victims’ property.
As we have pointed out in this article, a very small fraction of the use of cryptocurrencies is for fraudulent purposes. However, many organizations still classify cryptocurrencies as one of the main sources of dangers for consumers.
It is true that once the security barriers have passed, on wallets decentralized like Metamask everything is possible. This is one of the advantages of exchanges or other centralized platforms that offer double or triple security. However, as always the fault comes from the human. That is why it is important to remain very careful on the internet.
Metamask users have now been warned and it must be reminded once again that it is very dangerous to disclose any personal information without being sure that you are contacting the competent authorities.
Receive a digest of the news in the world of cryptocurrencies by subscribing to our new service ofdaily and weekly so you don’t miss anything essential Cointribune!
Observer of the monetary, economic and social revolution.