ScaleBit, a subsidiary of security auditor BitsLab, has identified a significant vulnerability in Uniswap’s Web3 wallet. This security flaw could allow attackers with physical access to a device to bypass authentication mechanisms and access the wallet’s mnemonic phrase, which is crucial for controlling assets. The mnemonic phrase, often called a “seed phrase,” typically consists of 12 to 24 random words and can grant full control of a wallet from any device. ScaleBit reports that the phrase can be obtained from an unlocked device in under three minutes, and this vulnerability affects the latest version of the app.
As a precaution, ScaleBit advises Uniswap Wallet users not to lend their devices to others until this issue is resolved. Uniswap representatives have yet to comment on the matter, and Cointelegraph has not independently verified the vulnerability.
Meanwhile, losses from cybersecurity exploits in cryptocurrency increased 40% in 2024, amounting to roughly $2.3 billion, according to the security firm Cyvers. The increase is attributed to a rise in access control breaches, particularly involving mnemonic phrases in both centralized and decentralized exchanges. Despite the overall rise in losses, December 2024 witnessed the lowest monthly losses of the year, with blockchain security firms CertiK and PeckShield reporting a significant decline compared to previous months.