Via their official Twitter handle, popular crypto wallet provider MetaMask uyardı their users about functionality that could endanger their funds. Related to the wallet’s iCloud backup for an app’s data, if the users have a weak password, they become susceptible to bad actors.
İlgili Okuma | ABD, Kuzey Koreli Hacker Lazarus'u 622 Milyon Dolarlık Axie Infinity Exploit'e Bağladı
This could result in phishing attacks or other malicious strategies to steal the users’ funds, as MetaMask claimed. The crypto wallet provider said:
If you have enabled iCloud backup for app data, this will include your password-encrypted MetaMask vault. If your password isn’t strong enough, and someone phishes your iCloud credentials, this can mean stolen funds.
In other to disable this functionality, Apple users need to access their general settings and go into their iCloud configuration, MetaMask explained. Once there, users need to locate the Backups options and disable it for the crypto wallet. The wallet provider said:
If you want to avoid iCloud surprising you with unrequested backups in the future, you can turn off this feature at: Settings > Apple ID/iCloud > iCloud > iCloud Backup.
The warning follows an increase in the number of attacks suffered by decentralized finances (DeFi) protocols in the past months. This could be the result of a deliberate operation to target the crypto industry, göre to DeFiance Capital founder Arthur 0x:
Önde gelen siber güvenlik uzmanlarıyla yaptığımız araştırma ve görüşmelere dayanarak BlueNorOff'un kripto alanındaki tüm önde gelen kuruluşları hedef alan organize bir kampanya yürüttüğüne inanıyoruz.
Bitcoinist olarak rapor, Arthur was the victim of a phishing attack that cost him a loss of over $1.5 million. At the time, the DeFiance Capital speculated that the attacker was part of a bigger scheme created to conduct social engineer attacks.
Arthur seems to confirm this thesis in a recent Twitter thread. On social media, he said the attackers could be in possession of the industry’s “relationship graph”. This makes founders, developers, and users potentially more vulnerable.
MetaMask Warns Of Vulnerability Amid Increase In Crypto Hackings
The DeFiance Capital founder sivri to a Kaspersky investigation around BlueNorOff, a malicious group known for its crypto-related schemes. 0x added:
It is critical that this industry is highly aware that we are being actively targeted by a state-sponsored cyber crime organization that is extremely resourceful and sophisticated. They might even change the tools and attack pattern in future.
In addition to BlueNorOff, the infamous Lazarus Group has been linked to the recent attacks on the industry. Both groups are suspected to be backed by rogue states, such as North Korea.
These groups could have shifted from attacking banks, and centralized entities, to DeFi projects. The reward/risk factor favors the attackers as they can steal millions off a single successful hit.
Any solution to deter attacks to the supported on MetaMask, even with a hardware wallet, could be insufficient. 0x proposed the creation of multi-sigs wallet and custody solutions such as Fireblocks, Copper, and more caution from companies and users.
İlgili Okuma | Hacker'lar Li Finansını Hedefliyor ve Son Bir DeFi Hack'te 600,000 $ ile Kurtuluyor
Yazının yazıldığı sırada Ethereum (ETH) 3,000 saatlik grafikte %1.5 kârla 4 dolardan işlem görüyor.
Source: https://bitcoinist.com/metamask-warned-a-feature-could-put-funds-at-risk/