ScaleBit: Discovered a 0-day vulnerability that can transfer all assets from the Uniswap Wallet

2025-01-10 11:34:58

ChainCatcher news: the ScaleBit security team under BitsLab stated that in October 2024 it discovered a vulnerability in the Uniswap iOS wallet, named "Unauthorized Access to Mnemonic Phrase." This vulnerability allows attackers with physical access to the device to bypass the wallet's authentication mechanism and directly access the mnemonic phrase stored on the device.

The root cause of this vulnerability lies in the flawed design of the storage and access mechanism for the mnemonic phrase. The mnemonic phrase is not effectively encrypted at the application layer, and the triggering conditions for the recovery page are unreasonable, allowing attackers with physical access to the device to easily bypass the wallet's authentication mechanism and directly obtain the mnemonic phrase stored in the wallet.

Currently, this vulnerability still exists in the latest version of the Uniswap Wallet (Version 1.42), posing potential risks to all users of this wallet. Therefore, users should pay extra attention to the physical security of their devices during use, avoiding the disclosure of unlock passwords or lending their devices to others.
