I have been using the Metamask iPhone app as well as the browser extension for about 3-4 months.
In my iPhone wallet, about 8 days ago, I created an account and transferred 0.15 WETH and 430 USDT tokens from my browser account, on Polygon network. I then imported the browser account into my iPhone wallet.
Today, I first attempted to swap 200 USDT to WETH on my phone account. This didn’t work because I didn’t have any MATIC tokens to pay Gas fee in my phone account.
And so, I transferred some MATIC tokens from the imported browser account to my phone account, through the Metamask iPhone wallet app. Then, I attempted to use the app’s Swap option to swap some USDTs to WETH.
But this time, the app reported that I had no USDTs left in my phone account. I checked the browser account and confirmed that the USDTs were there either.
Looking at the transactions in Polygon, it looks the transferring of MATIC tokens from my imported browser account into the phone account triggered two unauthorized transactions - transferring all of my USDTs and WETHs from the phone account to some third party account on Eth mainnet address: 0x7c9554d3ccb8c42072290304096c696b5e8e7b18
Here is the address of my iPhone wallet account:
Unauthorized transaction 1: 0xdc662f8291baac7726c884d4e1a2b0add138437266aebb7668c0b7d96d63de0e
Unauthorized transaction 2:
I never authorized either of these transactions.
Some $860 worth USDT and WETHs seem to have disappeared from my Wallet!
I am extremely concerned with the safety of using MetaMask wallet right now. I never shared the secret phrases or private keys of my phone or browser accounts with anyone nor stored it on 3rd party Cloud storage.