MetaMask Warned About Feature That Could Put Funds At Risk

Via their official Twitter handle, popular crypto wallet provider MetaMask warned their users about functionality that could endanger their funds. Related to the wallet’s iCloud backup for an app’s data, if the users have a weak password, they become susceptible to bad actors.

Related Reading | U.S. Links North Korean Hacker Lazarus To $622 Million Axie Infinity Exploit

This could result in phishing attacks or other malicious strategies to steal the users’ funds, as MetaMask claimed. The crypto wallet provider said:

If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.

In other to disable this functionality, Apple users need to access their general settings and go into their iCloud configuration, MetaMask explained. Once there, users need to locate the Backups options and disable it for the crypto wallet. The wallet provider said:

If you want to avoid iCloud surprising you with unrequested backups in the future, you can turn off this feature at: Settings > Apple ID/iCloud > iCloud > iCloud Backup.

The warning follows an increase in the number of attacks suffered by decentralized finances (DeFi) protocols in the past months. This could be the result of a deliberate operation to target the crypto industry, according to DeFiance Capital founder Arthur 0x:

Based on our research and conversation with leading cyber security experts, we believe BlueNorOff are running an organized campaign to target all the prominent organizations in the crypto space.

As Bitcoinist reported, Arthur was the victim of a phishing attack that cost him a loss of over $1.5 million. At the time, the DeFiance Capital speculated that the attacker was part of a bigger scheme created to conduct social engineer attacks.

Arthur seems to confirm this thesis in a recent Twitter thread. On social media, he said the attackers could be in possession of the industry’s “relationship graph”. This makes founders, developers, and users potentially more vulnerable.

MetaMask Warns Of Vulnerability Amid Increase In Crypto Hackings

The DeFiance Capital founder pointed to a Kaspersky investigation around BlueNorOff, a malicious group known for its crypto-related schemes. 0x added:

It is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cyber crime organization that is extremely resourceful and sophisticated. They might even change the tools and attack pattern in future.

In addition to BlueNorOff, the infamous Lazarus Group has been linked to the recent attacks on the industry. Both groups are suspected to be backed by rogue states, such as North Korea.

These groups could have shifted from attacking banks, and centralized entities, to DeFi projects. The reward/risk factor favors the attackers as they can steal millions off a single successful hit.

Any solution to deter attacks to the supported on MetaMask, even with a hardware wallet, could be insufficient. 0x proposed the creation of multi-sigs wallet and custody solutions such as Fireblocks, Copper, and more caution from companies and users.

Related Reading | Hackers Target Li Finance And Get Away With $600,000 In A Recent DeFi Hack

At the time of writing, Ethereum (ETH) trades at $3,000 with a 1.5% profit in the 4-hour chart.

Ethereum ETH ETHUSD
ETH moving sideways on the 4-hour chart. Source: ETHUSD Tradingview

Source: https://bitcoinist.com/metamask-warned-a-feature-could-put-funds-at-risk/