The MetaMask team has warned non-custodial wallet users of the risks of storing data on Apple iCloud due to possible phishing attacks.

“Includes password protected MetaMask storage if you have iCloud backup of app data enabled. If it’s not secure enough and someone phishes your iCloud data, it could lead to asset theft.”

Wallet developers recommended to disable iCloud backup for MetaMask in device settings.

The MetaMask statement came after an incident with one of the immutable token collectors. On April 15, he announced on Twitter that he had lost $650,000 worth of NFTs.

“This is how it happened: I got a call from Apple, literally from Apple (with incoming ID). [Я] I called back as I suspected scam and it was an Apple number. That’s why I believed them. They asked for a code to be sent to my phone, and two seconds later my entire MetaMask was empty,” the user wrote.

Later, the founder of the DAPE NFT project under the pseudonym Serpent announced that unknown persons were able to carry out the theft due to the MetaMask seed phrase stored in iCloud.

“Scammers requested a password reset for the victim’s Apple ID. With the 2FA code, they took control of the Apple ID and access to iCloud, which opened them the way to the victim’s MetaMask, ”explained the author of the thread.

He recommended using a cold wallet for storage, not sharing confirmation codes with anyone, and reminded that information about an incoming number is “easy to fake”.

“Companies like Apple never call you,” Serpent said.

Recall that in March, the number of monthly active users of the unattended crypto wallet exceeded 30 million.

That same month, the developers added support for Apple Pay and gasless transactions to the new version of MetaMask.