Uniswap wallet vulnerability poses risk to assets

ScaleBit, a security firm under BitsLab, has identified a significant vulnerability in the Uniswap Web3 wallet that could jeopardise users' stored assets.

The flaw allows attackers with physical access to a device to bypass authentication measures and directly access the wallet's mnemonic phrase, which is essential for controlling the wallet's assets.

ScaleBit reported that this vulnerability enables anyone with access to an unlocked device to retrieve the mnemonic phrase in less than three minutes.

This issue persists even in the latest version of the Uniswap (CRYPTO:UNI) app, raising concerns about the security of users' funds.

“Anyone with access to an unlocked device can obtain the wallet’s mnemonic phrase in under three minutes,” ScaleBit stated, emphasising the urgency of addressing this vulnerability.

Users are advised to refrain from lending their devices until a patch is released.

As of now, Uniswap has not responded to inquiries regarding this security concern, and independent verification of the vulnerability remains unconfirmed.

In 2024, losses from cryptocurrency exploits surged by 40%, totaling approximately $2.3 billion, according to security firm Cyvers.

This increase highlights a troubling trend in access control breaches, particularly affecting centralised exchanges and crypto custodians.

While losses from scams and hacks decreased significantly in December 2024 compared to previous months, the ongoing vulnerabilities in platforms like Uniswap continue to pose risks for users.

In light of these findings, it is crucial for Uniswap wallet users to prioritise physical security and be cautious about device sharing until further updates are provided.

The situation underscores the need for enhanced security protocols within decentralised finance applications to protect users' assets effectively.

At the time of reporting, the Uniswap (UNI) price was $13.06.