ScaleBit, a subsidiary of security audit firm BitsLab, has flagged a vulnerability in decentralized exchange (DEX) Uniswap’s Web3 wallet that could potentially compromise “all assets stored,” ScaleBit told Cointelegraph on January 13.
“The flaw allows an attacker with physical access to the device to bypass the wallet’s authentication mechanism and directly retrieve mnemonic phrases stored on the device,” ScaleBit said in a statement.
A Web3 wallet’s mnemonic phrase, also known as a “seed phrase,” is usually a string of 12 to 24 random words that grants you full control over your wallet assets on any device.
“(A)nyone with access to an unlocked device can obtain the wallet’s mnemonic phrase in under 3 minutes,” ScaleBit said, adding, “(surprisingly) this version persists even in the latest versions of the app.”
ScaleBit said Uniswap Wallet users should avoid lending their devices to others as a precautionary measure until the vulnerability is patched.
Uniswap representatives did not immediately respond to a request for comment. Cointelegraph has not been able to independently confirm the vulnerability.
Exploit losses
Cryptocurrencies lost to cybersecurity attacks will reach about $2.3 billion in 2024, up 40% from the previous year, security firm Cyvers told Cointelegraph in December.
According to Deddy Lavid, co-founder and CEO of Cyvers, this increase reflects a rise in access control violations, particularly at centralized exchanges (CEXs) and cryptocurrency custodians. Compromise of mnemonic phrases is a common type of access control violation.
Notably, losses due to cryptocurrency fraud, exploits, and hacking decreased in the final months of 2024, with December having the lowest amount stolen, blockchain security firm CertiK wrote in a December 31 post on X.
CertiK said known losses due to exploits, hacks and fraud in December amounted to $28.6 million. This compares to $63.8 million in November and $115.8 million in October.
Blockchain security company PeckShield shared similar data in a post on X on January 1. Hacking losses in December were $24.7 million, down 71% from November, it said.