Redditor Andre highlighted the ease with which hackers can use the text prediction feature to drain a user’s funds just by being able to type the first word out of the BIP 39 list.
Seed phrases, a random combination of words from the Bitcoin Improvement Protocol (BIP) 39 list of 2048 words, act as one of the primary layers of security against unauthorized access to a user’s crypto holdings. But what happens when your “smart” phone’s predictive typing remembers and suggests the words the next time you try to access your digital wallet?
Andre, a 33-year-old IT professional from Germany, recently posted on the r/CryptoCurrency subreddit after discovering his mobile phone’s ability to predict the entire recovery seed phrase as soon as he typed the first word.
As a fair warning to fellow Redditors and crypto enthusiasts, Andre’s post highlighted the ease with which hackers can use the feature to drain a user’s funds just by being able to type the first word out of the BIP 39 list:
#PeckShieldAlert #phishing PeckShield has detected a batch of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic.twitter.com/cmWUcprMAN
— PeckShieldAlert (@PeckShieldAlert) April 25, 2022
As Cointelegraph recently reported, based on PeckShield’s findings, hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users.
Access to the seed phrase guarantees complete control over the user’s crypto funds via the STEPN dashboard.