MetaMask, the popular crypto wallet provider, has issued a warning to users of its services regarding a security vulnerability. The warning, which was issued on April 17, 2022, was directed at those using MetaMask on Apple devices.
Details of the Security Issue
According to the warning, those using the MetaMask wallet on iOS devices are vulnerable to a phishing attack via the Apple iCloud. The company detailed the risk via an elaborate thread on Twitter on Sunday. According to the crypto wallet, users of iPhones, Mac, and iPad devices were all vulnerable to the issues. In its thread, MetaMask noted that Apple devices store the seed phrase of the MetaMask wallet on the iCloud by default. This occurs when the automatic backup for app data is on.
This is a major security risk, which would allow attackers to target users via a phishing attack to gain access to the wallet. However, it can be avoided. The company shared the steps that users need to take to disable automatic app backup to iCloud. Doing so could prevent such an attack from occurring.
What is Phishing?
Phishing is a common attack used by hackers where they imitate websites, emails, and texts to obtain personal data. The most common target is user passwords, private crypto keys, and credit card data. During a phishing attack, hackers pretend to be a reputable service to obtain data. They rely heavily on manipulating their targets psychologically to obtain their data.
To avoid being a victim, always look out for offers that are too good to be true. Avoid clicking on unsolicited links in your email address inbox, and do not take any action that comes with a sense of urgency to it. One way they get victims is to trick them to act fast using limited-time offer deals. One way to tell if a phishing attack is in progress is to hover your cursor over a URL. When you do that, the real URL will show up, which is different from the displayed URL. Within the crypto wallet, they take the form of crypto wallets that trick you to give them your private keys.
MetaMask is one of the most popular crypto wallets in the world. It is used to connect the masses to the DeFi world and other blockchain-based applications. Thus far, it has garnered 10 million active monthly users.
In the past, users of the service have been targeted in phishing attacks. At the time, hackers lost $650K worth of NFTs to hackers. The hackers sent potential victims multiple texts telling them to reset their Apple passwords. When the users reset their passwords, the hackers called them using a spoofed caller ID pretending to be Apple and asked for the six-digit authentication code. With the code, the hackers accessed the users’ accounts and stole funds from the MetaMask wallets.
While MetaMask is a convenient option for accessing online crypto exchanges, one should not use it to store their crypto funds. It is especially so if one owns a sizable amount of crypto. The funds should be stored in an offline hardware wallet to keep them safe from hackers.
Notice: Information contained herein is not and should not be construed as an offer, solicitation, or recommendation to buy or sell securities. The information has been obtained from sources we believe to be reliable; however, no guarantee is made or implied with respect to its accuracy, timeliness, or completeness. Authors may own the cryptocurrency they discuss. The information and content are subject to change without notice. Visionary Financial and its affiliates do not provide investment, tax, legal, or accounting advice.