A Reddit blogger described a way to guess a seed phrase using a smartphone keyboard


A German crypto investor and IT professional, known on the Reddit blogging platform as u/Divinux, revealed how the predictive text feature can compromise the seed of a crypto wallet.

The blogger’s real name is Andre. In a warning posted to the r/CryptoCurrency subreddit, he said that when he types the first word from the BIP 39 list, his smartphone is able to predict the original phrase used to restore access to the crypto wallet.

BIP 39 (Bitcoin Improvement Proposal #39) defines 2,048 distinct words, listed in alphabetical order. A random combination of words from the list acts as the initial seed phrase, one of the main levels of protection against unauthorized access to the user’s cryptocurrency assets.

“I was stunned and it seemed that the first couple of words could just be a coincidence. Then I saw how my phone literally guesses the seed phrase of 12-24 words,” Andre shared his observation.

Realizing what this information could lead to if it fell into the wrong hands prompted the blogger to “tell people about it.”

The German investor’s experiments showed that Google’s Gboard was the least vulnerable because it did not predict every word in the correct order. Microsoft’s SwiftKey keyboard was able to predict the original phrase with its default settings, while Samsung’s keyboard can predict the words if “Autocorrect” and “Suggest text corrections” are enabled.

Andre was struck by how easily hackers could use this feature to access a user’s funds by simply typing the first word on the BIP 39 list:

“Pick up your phone, fire up any chat app, start typing any of the BIP39 list words, and see what the phone has to offer.”

Andre considers the storage of predictive cache data on the mobile phone to be one of the reasons a seed phrase can be compromised when it is entered as text on a smartphone.
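A toy model of the behaviour described above, added here as an illustration and not taken from the Reddit post or from any keyboard's code. It assumes the predictive cache is a plain next-word frequency table (real keyboards are more complex); `ToyPredictor`, the chat lines and the sample phrase are constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed 12-word sample standing in for a seed phrase (not a real wallet seed).
SAMPLE_PHRASE = "zoo wrong vivid ugly toast swim ripple quiz panda ozone nest mango"
# Constructed everyday messages typed on the same keyboard.
CHAT_LINES = ["see you at the station tomorrow", "running late see you soon"]


class ToyPredictor:
    """Assumed, simplified stand-in for a keyboard's learned next-word cache."""

    def __init__(self):
        self.next_words = defaultdict(Counter)  # word -> counts of the words typed after it

    def learn(self, text):
        words = text.lower().split()
        for current, following in zip(words, words[1:]):
            self.next_words[current][following] += 1

    def suggest(self, word):
        counts = self.next_words.get(word)
        return counts.most_common(1)[0][0] if counts else None

    def follow_suggestions(self, first_word, limit=24):
        """Accept the top suggestion repeatedly, as a person tapping the suggestion bar would."""
        chain = [first_word]
        while len(chain) < limit:
            nxt = self.suggest(chain[-1])
            if nxt is None or nxt in chain:  # nothing learned, or a loop
                break
            chain.append(nxt)
        return chain

    def clear(self):
        """Model of wiping the keyboard's learned data."""
        self.next_words.clear()


def demo():
    kb = ToyPredictor()
    for line in CHAT_LINES:
        kb.learn(line)
    kb.learn(SAMPLE_PHRASE)  # the phrase is typed once, e.g. into a notes or chat field
    before = kb.follow_suggestions("zoo")
    kb.clear()
    after = kb.follow_suggestions("zoo")
    return before, after


if __name__ == "__main__":
    replayed, cleared = demo()
    print("replayed from cache:", " ".join(replayed))
    print("after clearing learned data:", " ".join(cleared))
```

In this model the phrase replays in full because its words almost never occur in ordinary messages, so the only successor the cache has learned for each one is the next word of the phrase.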

Cybersecurity agency PeckShield reported that attackers flooded the Internet with phishing sites of the STEPN game project to steal the seed phrases of users’ wallets.

Source: Bits
