MetaMask Advises Against Automatic iCloud Backups of Wallet Data to Prevent Hacks

MetaMask Advises Against Automatic iCloud Backups of Wallet Data to Prevent Hacks

On Sunday, 17th, Metamask posted a series of tweets warning users to disable the automatic iCloud backups feature to protect them from hacking. This is after one Metamask user lost about $670k worth of assets from a phishing attack using the iCloud feature.

Disable Auto iCloud Backups, Metamask Warns Investors

Recently, Metamask warned its users to disable automatic iCloud backups to avoid phishing or hacking attacks. Metamask is one of the largest Web3 Wallets, primarily working with DeFi and NFT assets in various chains, including BNB and Ethereum.

Yesterday, Metamask posted a Tweet noting that its users should disable automatic iCloud backups. Metamask posted a series of tweets, saying,

“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.”

In the same thread, Metamask mentioned that investors could disable this feature by turning off the “toggle here: Settings > Profile > iCloud > Manage Storage > Backups.” They even gave an option to completely turn the feature off and avoid unrequested backups in the future. Users can just follow the Setting > Apple ID/iCloud > iCloud > iCloud path.

Intends to Protect From Phishing

Metamask’s tweet aimed to help users remain safe from financial threats. A few days ago, a Metamask user lost about $655k after their iCloud backup was compromised through phishing. A hacker gained control of Domenic Iacovone’s account, stealing the Keystore.

According to Domenic, this whole attack started after receiving a call from an Apple number, asking him to give them a code sent to his phone to reset his Apple ID password. Immediately after obtaining the code, the criminals changed the password and accessed the private key file. The criminals then got direct access to Domenic’s wallet and stole everything. Domenic said the entire Metamask wallet was wiped clean a few seconds later.

Domenic had different NFT and DeFi assets in the wallet. For instance, the wallet had three gutter cats (2280, 2325, 2769) and 3 Mutant Ape Yacht Club(28478, 7536, 8952). Moreover, according to Lacovone, the wallet had APE tokens worth $100 thousand.

Immediately Domenic noticed, he sent a tweet about the activities, even explaining the entire ordeal. Domenic even announced a $100k reward to anyone who helps recover the whole funds. However, Domenic might have gotten some of his assets back after Opensea flagged them as stolen.

However, it appears that this tweet triggered an immediate response from Metamask. Hence, Metamask asks users to avoid using the automatic iCloud backup and instead disable it to stay safe from phishing.

NFT Hacking is Prevalent

Phishing and hacking are prevalent occurrences in the NFT space. Even Metamask has been a victim of such attempts in the past. This year, there have been several reports of NFT phishing on Opensea and other marketplaces, leading to millions in losses. Other forms of hack attacks have also been common in the NFT space. 

Last month, there were reports that 35 NFTs were stolen in just a week. Several Twitter accounts were hacked and used to send phishing links. However, such platforms sending security measures to users can help protect them from such attacks in the future.