Apple Users Warned Over Metamask iCloud Backdoor

Reading Time: 2 minutes
  • Users of Apple devices have been warned to disable iCould backups for the Metamask app
  • Leaving this feature turned on will see Metamask users’ seed phrases stored on the iCould
  • Strong passwords are also essential to protecting wallets

Users of Apple devices have been alerted to potential for their Metamask seed phrases to be uploaded to the cloud without them knowing, leading to the potential for their funds to be stolen if their iCould is compromised. Luckily the remedy is simple, but it is likely that many are not yet aware that their funds could be at risk from Apple’s auto backup feature.

Disable iCould Backups on Metamask App

Stories about the backdoor through the Metamask app breach emerged over the weekend, with Metamask quick to act and warn Apple users about it:

The issue relates to Apple’s iCould backup feature, which sees certain data from apps uploaded to the cloud. Unfortunately for Metamask users this includes their seed phrase, which a hacker can use to gain access to their Metamask wallet.

Automatic iCould backup is turned on by default when a new app is installed, and it is vitally important that Apple users follow Metamask’s instructions and disable Metamask from being able to back up data to the iCloud.

Strong Passwords Equally Important

As Metamask users will know, a password is also used in conjunction with the seed phrase to unlock a wallet. Therefore, as Metamask pointed out in its tweet thread, it is also important that passwords are strong and users protect themselves against phishing attacks and other social engineering attempts.

As we covered last week, new research suggests that passwords should now be 16 characters at minimum and should include a combination of upper and lower-case letters, numbers, and symbols.