MetaMask Issues Warning Following $650K iCloud Phishing Scam

Crypto wallet MetaMask issued a warning advising users to disable their iCloud backups following an exploit of Apple’s service in an estimated $650,000 phishing scam.

The DeFi wallet provider said Sunday users who have iCloud enabled for iPhone application data were susceptible to hackers because the backups include their password-encrypted MetaMask vault.

“If your password isn’t strong enough and someone phishes your iCloud credentials, this can mean stolen funds,” MetaMask tweeted.

The company did not immediately return a request for comment.

In one such phishing attack, hackers drained an estimated $650,000 from NFT investor Domenic Iacovone’s OpenSea account, including several Mutant Ape Yacht Club collectibles, on April 14.

“Got a phone call from Apple, literally from Apple (on my caller Id) called it back because I suspected fraud and it was an Apple number,” Iacovone tweeted. “So I believed them, they asked for a code that was sent to my phone and two seconds later my entire MetaMask was wiped.”

MetaMask’s response has drawn criticism from community members who argue the backup feature used in iCloud should either be disabled or made tougher for hackers seeking a way into users’ digital wallets.

MetaMask parent ConsenSys in February said it was looking to leverage NFTs (non-fungible tokens) as a means to onboard more users to its digital wallet while building out a white-label NFT platform.

While efforts are being made on that front, critics argue cases like Iacovone’s demonstrate ConsenSys’ need to improve security if it aims to bring on the “next wave” of wallet users.

---

Get the news in your inbox. Explore Blockworks newsletters:

• The Breakdown: Decoding crypto and the markets. Daily.
• 0xResearch: Alpha in your inbox. Think like an analyst.