A popular crypto wallet is warning its users about a cloud-storage vulnerability that could put their funds at risk of a phishing attack.
In a series of tweets, MetaMask explains how a combination of weak passwords and certain default backup settings while using Apple’s iCloud service could impact their crypto holdings.
“If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault.
If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.”
MetaMask next provides step-by-step instructions about how to adjust iCloud backup settings to help protect their data.
“You can disable iCloud backups for MetaMask specifically by turning off the toggle here:
Settings > Profile > iCloud > Manage Storage > Backups.
If you want to avoid iCloud surprising you with unrequested backups in the future, you can turn off this feature at:
Settings > Apple ID/iCloud > iCloud > iCloud Backup.”
The announcement comes after a non-fungible token (NFT) collector tweeted that he had lost his “entire wallet” after his Apple account was hacked.
According to the founder of crypto threat mitigation system Sentinel, the NFT collector lost $650,000 worth of digital assets after the user’s seed phrase was saved on the iCloud. The bad actors requested a password reset for the user’s Apple ID, which gave them access to the victim’s MetaMask credentials.
MetaMask’s software-based cryptocurrency wallet is available as a browser extension or mobile app. The project is backed by New York-based ConsenSys, a leading Ethereum-focused development studio.
