The MetaMask team has warned non-custodial wallet users about the risks of storing data in Apple iCloud due to possible phishing attacks.
Related: MetaMask announces integration with Apple Pay
“If you have enabled iCloud backup of app data, it includes password-protected MetaMask storage. If it's not secure enough and someone phishes your data from iCloud, it could lead to asset theft."
The wallet developers advised disabling iCloud backup for MetaMask in the device settings.
The MetaMask statement came after an incident with one of the collectors of non-fungible tokens. On April 15, he revealed on Twitter that he had lost $650,000 worth of NFTs.
“This is how it happened: I got a call from Apple, literally from Apple (by incoming ID). I called back because I suspected a scam, and it was an Apple number. So I believed them. They requested a code sent to my phone and within two seconds my entire MetaMask was empty,” the user wrote.
Later, the founder of the DAPE NFT project under the nickname Serpent explained that unknown people were able to carry out the theft because of the MetaMask seed phrase stored in iCloud.
“The scammers requested a password reset for the victim's Apple ID. With the 2FA code, they gained control of the Apple ID and access to iCloud, which opened the way for them to the victim's MetaMask,” the author of the thread explained.
He advised using a cold wallet for storage, not sharing confirmation codes with anyone, and recalled that information about an incoming number is "easy to fake."
“Companies like Apple will never call you,” Serpent said.
Trending: Salvadorans are against buying bitcoins at the expense of the budget
Recall that in March the number of monthly active users of non-custodial crypto wallets exceeded 30 million.
In the same month, the developers added support for Apple Pay and gas-free transactions to the new version of MetaMask.