BitsLab’s ScaleBit Flags ‘Exciting’ Uniswap Wallet Vulnerability
ScaleBit, a subsidiary of security auditor BitsLab, has identified a vulnerability that could compromise “all stored assets” in decentralized exchange (DEX) Uniswap Web3 wallets, ScaleBit told Cointelegraph on January 13.
The alleged flaw “allows attackers with physical access to the device to bypass the wallet's authentication mechanisms and directly extract the mnemonic phrase stored on the device,” ScaleBit said in a statement.
A Web3 wallet passphrase, also known as a “seed phrase”, is a string of 12 to 24 random words that allows full control of wallet assets from any device.
“[A]nyone with an unlocked device can get the wallet's passphrase in less than three minutes,” ScaleBit said, adding: “[alarmingly] this version will continue even in the new version of the application.”
ScaleBit said Uniswap Wallet users should avoid sharing their devices with others as a precaution until the vulnerability is fixed.
Uniswap representatives did not immediately respond to requests for comment. Cointelegraph could not independently confirm the vulnerability.
Losses from exploits
In 2024, the amount of cryptocurrency lost to cybersecurity exploits increased 40% from $2.3 billion in the year before.
The rise reflects an increase in access control violations, particularly at centralized exchanges (CEXs) and crypto custodians, according to Deddy Lavid, co-founder and CEO of Cyvers. A common type of access control violation involves mnemonic phrases.
Notably, losses to crypto scams, exploits and hacks declined in the final months of 2024, with December recording the smallest amount stolen, blockchain security firm CertiK said in a December 31 post on X.
CertiK said December saw $28.6 million in known losses to exploits, hacks and scams, compared with $63.8 million in November and $115.8 million in October.
Blockchain security firm PeckShield shared similar information in a January 1 post on X. Losses to hacks came to $24.7 million in December, a 71 percent drop from November.