Warning: Smartphone text prediction guesses crypto hodler’s seed phrase

Published at: May 1, 2022

Seed phrases, a random combination of words from the Bitcoin Improvement Protocol (BIP) 39 list of 2,048 words, act as one of the primary layers of security against unauthorized access to a user’s crypto holdings. But what happens when your “smart” phone’s predictive typing remembers and suggests the words next time you try to access your digital wallet?

Andre, a 33-year-old IT professional from Germany, recently posted on the r/CryptoCurrency subreddit after discovering that his mobile phone could predict his entire recovery seed phrase as soon as he typed the first word.

As a fair warning to fellow Redditors and crypto enthusiasts, Andre’s post highlighted the ease with which hackers can use the feature to drain a user’s funds just by being able to type the first word from the BIP 39 list:

“This makes it easy to attack, get your hands on a phone, start any chat app, and start typing any words off the BIP39 list, and see what the phone suggests.”

Speaking to Cointelegraph, Andre — known as u/Divinux on Reddit — shared his shock when he first experienced his phone accurately guessing the 12–24 word seed phrase. “First, I was stunned. The first couple of words could be a coincidence, right?”

As a tech-savvy individual, the German crypto investor was able to reproduce the scenario in which his mobile phone accurately predicted the seed phrase. Realizing the possible impact of this information if it fell into the wrong hands, he said: “I thought I should tell people about it. I’m sure there are others who also have typed seeds into their phone.”

Andre’s experiments confirmed that Google’s Gboard was the least vulnerable, as the software did not predict every word in the correct order. However, Microsoft’s SwiftKey keyboard was able to predict the seed phrase right out of the box. The Samsung keyboard, too, can predict the words if “auto-replace” and “suggest text corrections” have been manually turned on.

Andre’s initial stint with crypto dates back to 2015 when he momentarily lost interest until he realized he could buy goods and services using Bitcoin (BTC) and other cryptocurrencies. His investment strategy involves purchasing and staking BTC and altcoins such as Terra’s LUNA, Algorand’s ALGO and Tezos’ XTZ, and “then dollar-cost averaging out into BTC when/if they moon.” The IT professional also develops his own coins and tokens as a hobby.

A safety measure against possible hacks, according to Andre, is to store significant and long-term holdings in a hardware wallet. To Redditors across the world, he advised: “Not your keys not your coins, do your own research, don’t FOMO, never invest more than you are willing to lose, always double-check the address you are sending to, always send a small amount beforehand and disable your PMs in settings,” concluding:

“Do yourself a solid and prevent that from happening by clearing your predictive type cache.”

Related: STEPN impersonators stealing users’ seed phrases, warn security experts

Blockchain security firm PeckShield recently warned the crypto community about a large number of phishing websites targeting users of the Web3 lifestyle app STEPN.

#PeckShieldAlert #phishing PeckShield has detected a batch of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic.twitter.com/cmWUcprMAN

— PeckShieldAlert (@PeckShieldAlert) April 25, 2022

As Cointelegraph reported, based on PeckShield’s findings, hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users.

Access to the seed phrase guarantees complete control over the user’s crypto funds via the STEPN dashboard.
