Phishing Scam Targeting MetaMask Crypto Wallet Holders Nets $650,000; Default Settings Stored Seed Phrases in iCloud

MetaMask, a popular crypto wallet app, is being targeted because of a design flaw in how its iOS app handles backups. A phishing scam built around a call that appears to come from Apple is able to drain MetaMask wallets by way of a default setting that can fairly be called a security flaw: the app's data, including the secret recovery phrase (seed phrase) that gives full control of the wallet, is written to the user's iCloud backups unless the user manually disables it.

Most popular Ethereum crypto wallet has been writing seed phrases to cloud backups

MetaMask is the wallet most commonly used by holders of Ethereum and Ethereum-based tokens; publisher ConsenSys estimates that it had over 30 million monthly active users as of March.

The phishing scam begins with a call spoofed to appear to come from a legitimate number listed for Apple's online store. A fake Apple customer service agent tells the recipient that their account has been compromised and that a one-time code will be sent to their phone to verify that they are the account owner. In reality, the code is the verification code for an Apple ID credential reset that the attacker has just triggered (likely via Apple's iForgot password-reset flow); once the victim reads it back, the attacker controls the Apple ID.

This alone should not be enough to drain a crypto wallet. But MetaMask has a default setting, apparently unknown to many users, under which the wallet's recovery seed phrase is included in the user's iCloud backups. With access to the target's Apple account, the attacker can restore the backup, retrieve the seed phrase, and drain the wallet within seconds by using a purpose-built…
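The mechanism behind the flaw is an iOS default: any file an app keeps in its Documents directory is included in iCloud (and local) device backups unless the app opts out. The Swift snippet below is an added illustration written for this article, not MetaMask's code, and it does not claim to show how MetaMask actually stores its vault. The wallet name, file name and placeholder phrase are invented. It contrasts the weak pattern (secret written to a backed-up location) with two hardened alternatives: flagging the file as excluded from backup, and, preferably, keeping the secret in the Keychain with a ThisDeviceOnly accessibility class, which iOS never copies into iCloud backups or restores onto another device.

```swift
import Foundation
import Security

// Constructed example for a hypothetical wallet app; not MetaMask's code.
// The phrase below is a placeholder, not a real wallet's seed.
let placeholderRecoveryPhrase = "word01 word02 word03 word04 word05 word06 word07 word08 word09 word10 word11 word12"

// WEAK: files under Documents/ are part of iCloud and local backups by
// default. An attacker who takes over the Apple ID can restore the backup
// and read this file, which is exactly what the phishing scam exploits.
func writePhraseToDocuments(_ phrase: String) throws -> URL {
    let docs = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0]
    let file = docs.appendingPathComponent("vault.txt")   // hypothetical file name
    // Data Protection encrypts the file at rest on the device, but it does
    // NOT keep the file out of iCloud backups.
    try phrase.data(using: .utf8)!.write(to: file, options: .completeFileProtection)
    return file
}

// MITIGATION 1: keep the file but mark it as excluded from backup.
// This is the documented iOS way to opt a specific file out of backups.
func excludeFromBackup(_ fileURL: URL) throws {
    var url = fileURL
    var values = URLResourceValues()
    values.isExcludedFromBackup = true
    try url.setResourceValues(values)
}

// MITIGATION 2 (preferred): store the secret in the Keychain with a
// *ThisDeviceOnly* accessibility class. Keychain items with that class are
// never included in iCloud backups and cannot be restored to another device,
// so an Apple ID takeover alone does not expose them.
func storeRecoveryPhraseInKeychain(_ phrase: String,
                                   account: String = "wallet.recovery-phrase") -> OSStatus {
    let lookup: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
    ]
    // Remove any previous copy so SecItemAdd does not fail with errSecDuplicateItem.
    SecItemDelete(lookup as CFDictionary)

    var item = lookup
    item[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    item[kSecValueData as String] = phrase.data(using: .utf8)!
    return SecItemAdd(item as CFDictionary, nil)   // errSecSuccess (0) on success
}

// Read the phrase back from the Keychain; returns nil if it is absent.
func loadRecoveryPhraseFromKeychain(account: String = "wallet.recovery-phrase") -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: AnyObject?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let data = result as? Data else { return nil }
    return String(data: data, encoding: .utf8)
}
```

Two practitioner caveats. First, on the user side the exposure can be closed without waiting for an app update: in iOS, Settings > [Apple ID] > iCloud > Manage Storage > Backups > [this device] lists each app and lets the user switch its backup off; after doing so the device should be backed up again so that no stale copy containing the app's data remains in iCloud. Second, a seed phrase that has already been written to a backup should be treated as exposed: turning backup off afterwards does not retrieve copies an attacker may already have, so the safe course is to create a new wallet and move the funds to it.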
