MicroStrategy's Significant Bitcoin Impairment Losses May Mislead: Berenberg
Turkish Crypto Exchange Thodex CEO Faruk Özer Sentenced to 11,196 Years in Prison for Collapse
DeFi and Credit Risk
Seed phrases, which are made up of a random combination of words from the BIP 39 list of 2048 words, are one of the most important levels of protection against unwanted access to a user's crypto assets. But what if the predictive typing on your'smart' phone remembers and proposes the terms the next time you want to access your digital wallet?
Andre, a 33-year-old IT specialist from Germany, recently discovered his phone's capacity to guess the complete recovery seed phrase as soon as he typed the first word on the r/CryptoCurrency subreddit.
Andre's post served as a fair warning to other Redditors and crypto aficionados, highlighting how easily hackers may utilize the functionality to drain a user's assets just by typing the first phrase from the BIP 39 list:
"This makes it simple to exploit; just buy a phone, open any chat app, and start entering any phrases from the BIP39 list to see what the phone proposes."
Andre, a.k.a. u/Divinux on Reddit, told Cointelegraph about his surprise when his phone practically guesses the (12-24 word) seed phrase — "First I was astonished - the first two words may be a coincidence, right?" he said.
As a techie, the German crypto investor was able to recreate the circumstance in which his phone could properly guess the seed words. "I decided I should warn others about it," she says, after understanding the potential significance of this knowledge if it got into the wrong hands. "I'm sure there are others who have entered seeds into their phone as well."
Andre's tests revealed that Google's GBoard was the least susceptible, as the program did not correctly guess every phrase. Microsoft's Swiftkey keyboard, on the other hand, was able to guess the seed phrase straight away. If 'Auto replace' and 'Suggest text corrections' are manually switched on, the Samsung keyboard can also guess the words.
Andre began his cryptocurrency journey in 2015, when he lost interest until he found he could buy products and services using Bitcoin (BTC) and other cryptocurrencies. Buying and staking BTC and altcoins like Terra (LUNA), Algorand (ALGO), and Tezos (XTZ) and "then dollar-cost averaging (DCA) out into BTC when/if they moon" is part of his investing approach. As a pastime, the IT specialist creates his own coins and tokens.
According to Andre, storing big and long-term assets in a hardware wallet is a good way to protect against prospective attacks. OP's advice to Redditors all over the world includes: don't lose your keys, don't lose your coins, DYOR, don't FOMO, never invest more than you can afford to lose, always double-check the address you're sending to, always send a small amount ahead of time, and disable your PMs in Settings, concluding:
"Do yourself a favor and erase your predictive type cache to avoid it from occuring."
The crypto community has been informed about a high number of phishing websites targeting users of the Web3 lifestyle app STEPN, according to blockchain security firm PeckShield.
#PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic.twitter.com/cmWUcprMAN
— PeckShieldAlert (@PeckShieldAlert) April 25, 2022
According to CoinCryptoUS, hackers utilize a fake MetaMask browser plugin to harvest seed phrases from unwary STEPN users, based on PechShield's research.
The ability to examine the seed phrase ensures that the user has total control over their crypto money via the STEPN dashboard.
=====
Related Video: