ScaleBit from BitsLab finds ‘alarming’ Uniswap Wallet vulnerability

The security firm stated that attackers who possess physical access to a user’s device may be able to view the seed phrase of the wallet.

ScaleBit, a subsidiary of security auditor BitsLab, has identified a potential vulnerability that could compromise “all stored assets” in the Web3 wallets of decentralized exchange (DEX) Uniswap, it said in a statement to Cointelegraph on January 13.

ScaleBit said the alleged “flaw allows adversaries with physical access to the device to circumvent the wallet’s authentication mechanisms and directly retrieve the mnemonic phrase cached on the device.”

The seed phrase, or mnemonic phrase, of a Web3 wallet is a sequence of 12 to 24 random words that provides complete control over the wallet’s assets from any device.

According to ScaleBit, “[A]nyone with access to an unlocked device can obtain the wallet’s mnemonic phrase in under three minutes.” The company also noted that “[alarmingly], this version persists even in the latest version of the app.”

ScaleBit advised Uniswap Wallet users to refrain from lending their devices to others until the vulnerability is resolved.

Representatives from Uniswap did not immediately respond to requests for comment. Cointelegraph was unable to independently confirm the vulnerability.

Cryptocurrency losses due to cybersecurity exploits increased by 40% in 2024, reaching approximately $2.3 billion, according to Cyvers, a security firm, in a December correspondence with Cointelegraph.

According to Deddy Lavid, co-founder and CEO of Cyvers, the increase was a result of a rise in access control lapses, particularly in centralized exchanges (CEXs) and crypto custodians. Access control breaches frequently involve mnemonic phrases.

In a Dec. 31 post on X, blockchain security firm CertiK reported that losses due to crypto schemes, exploits, and breaches decreased in the final months of 2024, with December registering the lowest amount of stolen funds.

CertiK reported that in December, there were $28.6 million in known losses due to exploits, breaches, and frauds, as opposed to $63.8 million in November and $115.8 million in October.

In a post on X on January 1, PeckShield, a blockchain security firm, disclosed comparable information. In December, it reported $24.7 million in breach losses, a 71% decrease from November.
