TechFlow news — On May 19, according to the security community Dilation Effect's Twitter disclosure, several individuals recently reported their wallets being mysteriously compromised (cryptocurrencies and NFTs drained). A common factor among them was using an iPhone. After extensive research and analysis, a rarely noticed attack scenario was identified, which has been successfully reproduced on certain wallet apps.
Many users purchase (e.g., via Taobao) or use shared U.S. Apple IDs online. The iPhone backup mechanism automatically uploads app data to iCloud. Attackers who use the same Apple ID can restore the victim’s wallet app data onto their own device. Since local access passwords for wallets are often simple, attackers can easily crack them and transfer out the user’s assets.
Therefore, Dilation Effect warns iPhone users who have installed wallet apps: if you have ever purchased or used a third-party-provided Apple ID, stop using it immediately and transfer your wallet assets right away. Furthermore, this attack vector has already been successfully reproduced on several popular wallet apps currently available in the market. The community urges major wallet providers to take this issue seriously, conduct thorough investigations, optimize their security measures, and issue warnings to users.




