According to a study by the security firm DilationEffect, purchasing someone else’s Apple ID may enable third parties with access to the wallet to steal cryptocurrency through data recovery.
Large criminal organizations are currently adopting this form of theft, and the total value of the coins taken currently surpasses $10 million.
Users should be cautious while using encrypted wallets if they are using someone else’s Apple ID.
Using Apple ID, criminals can take cryptocurrency from wallets
There are no random phishing links on the device, the seed phrases are not compromised (not stored in the public domain, in phone applications, or in cloud storage), and Apple device users have been reporting recently that crypto assets from their wallets are mysteriously missing (coins and NFTs are being transferred from wallets). The common feature of all those affected is that they use iPhones.
An attack scenario that is rarely seen by people was found after extensive investigation and analysis, and it was effectively executed in various wallet programs. Downloading apps from the App Store is restricted by country or area in some places. For instance, some apps cannot be downloaded by accounts in mainland China.
Many people purchase or use an online-posted US Apple ID. An attacker can recover wallet app data on the victim’s mobile phone by using the same Apple ID because the iPhone backup engine backs up mobile app data to the cloud.
Additionally, setting the password for local access to the wallet is not very difficult, making it simple for an attacker to hack it and extract funds. The dilation Effect determined that an organized crime syndicate was responsible for these hacks, with the stolen funds of the victim users totaling more than $10 million, by tracing the stolen assets on the blockchain.
It has happened before for this assault scenario. Major wallet makers are urged by DilationEffect to look into this problem, correct it, and alert their customers to this danger.
How to avoid having your wallet hacked using your Apple ID
Users who have wallet apps installed on their Apple devices and have purchased or used an Apple ID that was provided by someone else are encouraged to stop using it right now and transfer their assets from that wallet to another wallet.
Stop using it if you have a wallet loaded on your iPhone but the Apple ID is not yours.