MetaMask’s development team warned that automatic backups in Apple’s iCloud could allow hackers to steal users’ funds from their wallet.
The developers advised users to disable such data backups.
MetaMask user Domenic Iacovone previously said he lost several NFTs and some digital assets totaling $655,000 after someone took over his iCloud account.
During the backup process, files containing private keys (which are only for local use on the device) can be uploaded to Apple’s cloud servers, which attackers can access in the event of a phishing attack.
According to Sentinel, the perpetrator posed as an Apple Inc. representative and sent text messages to Yacovone asking him to reset his Apple ID password. The hacker called Yacovone at his phone number and used a fake caller ID.
Upon receiving the code, the hacker was given the opportunity to change the security password and then gained access to the private key file.