Crypto Holders With Apple Devices Beware This Icloud Flaw Jeopardizes Your Metamask Assets

Apple-owning MetaMask users who have iCloud backup enabled are jeopardizing their cryptocurrencies and/or NFTs. Why? When iCloud stores your information on Apple’s remote servers, it includes your password-encrypted MetaMask vault. If you have a weak password, or you fall victim to a phishing attack, hackers can take advantage and skip away with stolen funds.

What are NFTs?How to buy real estate in the metaverseThe best laptops for mining crypto

AppleInsider pointed out a real-life incident in which a MetaMask user, Domenic Iacovone, lost several NFTs and $100,000 in ApeCoin, an ERC-20 (i.e., Ethereum-based) token, due to a phishing attack. Iacovone received a call on his iPhone “that read as an Apple number on his caller ID,” AppleInsider said. When he called the number back, the scammer asked for a two-factor authentication code that was sent to his device. He obliged. Seconds later, his entire MetaMask wallet was wiped. As it turned out, the scammer managed to snag Iacovone’s iCloud credentials. Apple’s two-factor authentication code was the final layer of security protection that could have prevented Iacovone from losing all of his digital valuables, but unfortunately, he fell for the hacker’s bait hook, line and sinker. The malicious actor tried to sell the swiped NFTs on OpenSea, a popular marketplace for non-fungible tokens, but OpenSea flagged the stolen digital collectibles as suspicious. When this happens, the NFTs are locked; they cannot be sought, sold nor transferred using OpenSea. Unfortunately, as of this writing, Iacovone is seemingly still trying to recover his assets.

How to stop iCloud from backing up your Metamask data

Apple users can disable iCloud backups for Metamask by navigating to Settings > Profile > iCloud > Manage Storage > Backups. Another way to secure your Metamask is to use a crypto hardware wallet like the Ledger Nano X and Ledger Nano S Plus. Hackers can’t do anything with your assets because they’d need to physically have your hardware wallet, along with your pin code, to manage your crypto and/or NFTs.