According to Cointelegraph, ScaleBit, a subsidiary of security auditor BitsLab, has identified a potential vulnerability in Uniswap's Web3 wallets that could jeopardize all stored assets. The issue reportedly allows attackers with physical access to bypass authentication mechanisms and directly access the mnemonic phrase stored on the device. This phrase, also known as a seed phrase, is a critical component that provides full control over a wallet's assets from any device.
ScaleBit said that anyone with access to an unlocked device could retrieve the wallet's mnemonic phrase in under three minutes. Alarmingly, this vulnerability persists even in the latest version of the app. As a precaution, ScaleBit advised Uniswap Wallet users to avoid lending their devices to others until the issue is resolved. Uniswap representatives have not yet responded to requests for comment, and Cointelegraph has not independently verified the vulnerability.
In related news, the cryptocurrency sector saw a significant increase in losses due to cybersecurity exploits in 2024, with a 40% rise compared to the previous year, totaling approximately $2.3 billion. This increase was largely attributed to access control breaches, particularly in centralized exchanges and crypto custodians, as noted by Deddy Lavid, co-founder and CEO of security firm Cyvers. Mnemonic phrase compromises are a common type of access control breach.
Despite the overall rise in losses, the final months of 2024 saw a decline in crypto scams, exploits, and hacks. December recorded the smallest amount stolen, with blockchain security firm CertiK reporting $28.6 million in known losses, compared to $63.8 million in November and $115.8 million in October. Similarly, blockchain security firm PeckShield noted a 71% decrease in hack losses in December, amounting to $24.7 million. These figures suggest a potential improvement in security measures towards the end of the year.