MetaMask advises users to disable automatic iCloud backups of its wallet data to prevent hacks

Quick Take

  • MetaMask has notified users that automatic data backups in Apple devices can possibly lead to stolen funds.
  • The warning came a few days after one MetaMask user lost $655,000 worth of assets due to a compromised iCloud account.

MetaMask, a popular Web3 wallet, cautioned that automatic Apple iCloud backups could be a risk factor that can allow hackers to steal funds from its users.

The wallet software maker has advised users to disable such data backups. 

The team stated in a Twitter thread Sunday that its users' funds can be stolen if they have enabled a backup of MetaMask data on their Apple mobile devices. Such a compromise could occur if someone gained illicit access to the sensitive app data uploaded to iCloud -- particularly via phishing attacks.

"If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds," the MetaMask team wrote.

The warning came a few days after a MetaMask user named Domenic Iacovone claimed to have lost several NFTs and assets estimated to be worth $655,000 in total after someone took over their iCloud account.

What appears to have happened is that a hacker gained control of Iacovone's iCloud account and stole the wallet's Keystore — a file with JSON format that held an encrypted version of the wallet's private key needed to authorize transactions.

Notably, Apple’s mobile devices can automatically upload app data. In the backup process, files containing private keys (which are meant to only be used locally on the device) can get uploaded to Apple's cloud servers, which malicious entities may gain access to in the event of a phishing attack, for example.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy