Galanis wrote on Twitter that he "Just got my Apple ID hacked". Although he didn't offer more details on how he had determined iCloud was to blame, it's likely he's referring to an attack vector where MetaMask automatically backs up users' seed phrases to iCloud unless it's disabled, meaning that a hacker who successfully accesses a person's iCloud account can also compromise any of their MetaMask wallets. The same type of attack saw a user lose $650,000 in April, and brought wider attention to the app's behavior.
A hacker compromised the wallet belonging to Steven Galanis, the CEO of Cameo, an app that allows people to pay various celebrities to record short messages for them. The hacker took 9,457 ApeCoin (~$69,000), 2.3 ETH (~$3,900), a Bored Ape NFT, three Otherside land plots, and other various NFTs. The hacker then flipped the Bored Ape for 77 ETH (~$131,000), and the other NFTs for a combined 16 ETH (~$27,000).