Do You Use MetaMask With an Apple Device? Your Account May Be at Risk

Take this step to protect your crypto assets.

Just weeks after popular crypto wallet MetaMask announced iPhone users could buy crypto using Apple Pay, it's now warning Apple users to be vigilant. If hackers gain access to your Apple account, they could also steal your crypto holdings. One collector whose Apple account was hacked said on social media he'd lost around $650,000 of digital assets from his NFT wallet.

How to protect your MetaMask wallet on an iPhone

According to a series of MetaMask tweets, if you use iCloud's app data backup function, it will automatically upload your password encrypted MetaMask vault to the cloud. "If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds," said the tweet.

The issue is that your seed phrase -- like the master password for your crypto wallet -- gets uploaded as part of the backup. If someone else gets access to your seed phrase, they can control your assets. Even if you keep your seed phrase in a secure place offline, this means it could still be at risk.

You can avoid this by disabling iCloud backup on your iPhone for your MetaMask wallet. Here's how:

• Go to Settings > Your Profile > iCloud > Manage Storage > Backups
• Turn off the backup toggle for your MetaMask app

Many cryptocurrency investors keep the keys to their digital assets in external crypto wallets, including hot wallets such as MetaMask. The advantage of hot wallets is that they are convenient and it's easy to connect them to various decentralized finance applications. However, because it is connected to the internet, a hot wallet could be susceptible to hacking.

If you hold significant amounts of digital assets, it may be worth considering a hardware wallet. Hardware wallets are external devices that cost upwards of $50. These are a type of cold wallet, meaning they are kept offline and are therefore harder to hack. They are also isolated from any malware or viruses. 

How to protect yourself against phishing attacks

Phishing attacks are an increasingly common way for criminals to try to steal your personal information. Phishers pose as legitimate organizations often by phone, SMS, or email and try to trick you into sharing confidential data. As this instance shows, they can then use that information to access things like your cryptocurrency accounts, bank accounts, or commit identity theft. 

Common forms of phishing include creating fake websites to trick users into entering their data, posing as customer service representatives by phone, or sending spoof emails asking for urgent information. Here are some ways to protect yourself:

• Use strong passwords. It's a hassle, but using a unique password for each account makes life a lot harder for potential hackers. Use hard-to-guess passwords that contain a mix of letters, numbers, and symbols. 
• Keep your antivirus software up to date. Antivirus and malware protections need to be updated to be effective against any new threats. If possible, set any antivirus software to update automatically.
• Be suspicious of anyone asking for password information. Customer service representatives should never ask you to share your password. They may ask for the first and third digit of your telephone security, but if someone asks for your whole password, that's a red flag.
• Don't open attachments sent by email unless you're 100% sure of the source. Links and attachments can contain viruses and malware. If it's a file you weren't expecting, don't open it.
• Watch for tell-tale phishing signs. If anything about an email feels odd, trust your instinct. It could be a logo that's not quite the right color, a generic greeting when the company knows your name, or perhaps there are spelling mistakes.

If you have any doubt about the credentials of someone who contacts you out of the blue, don't let a false sense of urgency push you to share information about yourself. Instead, contact the company directly and find out if there's a legitimate issue.

Bottom line

Maintaining your own cryptocurrency wallet has a lot of advantages. Your account can't be arbitrarily frozen by a centralized platform, you can connect to a host of decentralized finance applications, and you have control over your assets. However, it also brings additional responsibilities and something that seems harmless, such as an iCloud backup can unintentionally expose us to additional risks. As a result, if you're a hot wallet user, it's wise to be extra vigilant about your online security.