Uniswap wallet vulnerability enables seed phrase exposure, ScaleBit claims

ScaleBit, a subsidiary of cybersecurity firm BitsLab, has flagged a potential security vulnerability in Uniswap’s Web3 wallet, warning users of significant risks to their digital assets.

The vulnerability, disclosed on January 13, could allow attackers with physical access to a device to bypass authentication protocols and access the wallet’s seed phrase, according to Cointelegraph.

A seed phrase, also known as a mnemonic phrase, is a series of 12 to 24 words that provides complete control over a cryptocurrency wallet. According to ScaleBit, “anyone with access to an unlocked device can obtain the wallet’s mnemonic phrase in under three minutes.” Alarmingly, the security flaw reportedly remains present in the latest version of the Uniswap wallet app.

A Growing Concern for Crypto Security

ScaleBit has advised users to avoid lending their devices to others as a precaution until the vulnerability is addressed. However, Uniswap has yet to confirm or comment on the issue.

The report comes amidst heightened concerns over cryptocurrency security. Losses due to cybersecurity exploits surged 40% in 2024, reaching $2.3 billion, according to security firm Cyvers. Access control breaches, such as mnemonic phrase compromises, were a significant contributor to these losses.

Despite the alarming rise, blockchain security firms have reported a tapering of exploit losses in late 2024. December marked the lowest monthly total, with CertiK and PeckShield recording hack-related losses of $28.6 million and $24.7 million, respectively—a sharp decline from previous months.

As the crypto industry continues to expand, vulnerabilities like the one highlighted by ScaleBit underscore the critical need for robust security measures. Until the issue is resolved, users are urged to exercise extreme caution to protect their digital assets.

Union Square Ventures has transferred 578,000 Uniswap (UNI) tokens worth $8.45 million to Coinbase Prime, part of a systematic move since December totaling $55 million in UNI transfers. The firm still holds 10.364 million UNI tokens valued at $150 million, with further transfers likely.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.