🔥0-day vulnerability found that can allow all assets in Uniswap Wallet to be transferred 🔥
🧧PANews reported on January 10 that the ScaleBit security team under BitsLab published a post stating that, in October 2024, it discovered a vulnerability in the Uniswap iOS wallet, named "Unauthorized access to mnemonics". The vulnerability allows an attacker with physical access to the device to bypass the wallet's authentication mechanism and directly access the mnemonic stored on the device.
The root cause of this vulnerability is design flaws in the storage and access mechanism of the mnemonic. The mnemonic is not effectively encrypted at the application layer, and the conditions that trigger the recovery page are unreasonable. Together, these allow an attacker with physical access to the device to easily bypass the wallet's authentication mechanism and directly obtain the mnemonic in the wallet.
Currently, the vulnerability still exists in the latest version of Uniswap Wallet (Version 1.42), which poses a potential risk to all users of the wallet. Users should therefore pay special attention to the physical security of their device, and avoid leaking the unlock password or lending the device to others.