Security firm ScaleBit, a subsidiary of BitsLab, has flagged a critical vulnerability in Uniswap’s Web3 wallet that could expose users’ assets if attackers gain physical access to their devices.
Details of the Vulnerability
ScaleBit revealed on January 13 that the flaw allows attackers to bypass the wallet’s authentication and retrieve the mnemonic (or seed) phrase stored on the device.
- Mnemonic Phrase Exposure: A seed phrase—a 12- to 24-word sequence—is crucial for accessing and managing a wallet’s assets across devices.
- Ease of Exploitation: According to ScaleBit, an attacker with physical access to an unlocked device can retrieve the mnemonic phrase in under three minutes.
- Unpatched Flaw: ScaleBit stated that this vulnerability persists even in the latest version of the Uniswap wallet.
User Advisory: ScaleBit has urged Uniswap Wallet users to avoid lending their devices to others until a fix is implemented.
Uniswap representatives have yet to comment on the issue.
Rising Crypto Exploit Losses
The Uniswap wallet vulnerability highlights broader concerns about cryptocurrency security, especially as losses from cyber exploits surged in 2024:
- $2.3 Billion in Crypto Losses: Security firm Cyvers reported a 40% increase in cryptocurrency losses in 2024 compared to the previous year.
- Access Control Breaches: Centralized exchanges (CEXs) and crypto custodians were frequent targets of access control breaches, according to Cyvers CEO Deddy Lavid.
Decline in Exploit Losses Toward Year-End
While 2024 saw a rise in overall losses, December marked a positive trend with reduced incidents:
- December Losses: Blockchain security firms CertiK and PeckShield both noted a sharp decline in losses during December, with:
- CertiK: $28.6 million in losses compared to $63.8 million in November and $115.8 million in October.
- PeckShield: $24.7 million in December, a 71% decrease from November.
Despite the decrease, vulnerabilities like those flagged in Uniswap’s wallet serve as a stark reminder of the importance of robust security measures for crypto users.
