“My phone just guessed my crypto wallet seed phrase” – how your phone can be the vulnerability you don’t see coming

  • The seed phrase is supposed to be the primary way you can protect and recover your cryptocurrency wallet, but what if your phone can correctly predict this phrase through predictive text?
  • One German investor discovered the vulnerability, with his phone able to predict every word in his seed phrase after typing in the first one, and he has some advice for you.

Phishing campaigns, hacks, rug pulls, pyramid schemes, dubious crypto projects – the crypto world is full of traps through which you can easily lose your entire investment in a heartbeat. But what if your own phone could be the biggest vulnerability that you don’t see coming?

One German crypto investor took to Reddit to document how he found that his phone could predict his seed phrase correctly, turning the phone itself into a serious liability should it land in the wrong hands.

A seed phrase (a BIP39 mnemonic) is a sequence of 12 to 24 words drawn from a fixed list of 2048 words; it encodes the secret from which all of a wallet's keys are derived, and the wallet can be restored on any device simply by keying the words in. That is what makes it the primary backup, and also what makes it the primary target: anyone who learns your seed phrase has full control of your wallet and can empty it.

33-year-old Andre, a German IT professional who has also been investing in crypto for years, posted on Reddit about how his Samsung smartphone was able to predict his seed phrase word-for-word when he typed the first word.

“…predictive typing remembers your used words and will suggest the second word as soon as you type the first one, especially if it’s a word you do not commonly use,” Andre, who goes by u/Divinux on the social media platform, posted.

This makes the attack trivial: get your hands on the unlocked phone, open any chat app, type words from the 2048-word BIP39 list one at a time, and see what the keyboard suggests next. Rare words such as those in a seed phrase have very few stored successors, so the suggestion chain tends to reproduce the phrase in order.

The investor further highlighted that Microsoft's SwiftKey keyboard was the best at predicting the seed phrase, remembering the order of the words correctly every time. Samsung's built-in keyboard was also quite good, but only if you have manually enabled "auto-replace" and "suggest text corrections." Google's Gboard wasn't as good as the other two, getting only a few words from the seed phrase.
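The mechanism behind the leak, and the probe an attacker would run, can be shown with a toy model of a keyboard's personal dictionary. The following is an added example written for this page, not code from the Reddit post or from any keyboard vendor: it stands in for the real keyboards with a simple bigram model (which word the user typed after which), embeds a constructed subset of the real BIP39 wordlist and a constructed chat history containing a made-up seed phrase, and then runs the probe before and after the personal dictionary is cleared.

```python
from collections import Counter, defaultdict

# Constructed subset of the real BIP39 English wordlist (the full list has 2048
# words); enough to demonstrate the probe without embedding the whole list.
BIP39_SAMPLE = {
    "abandon", "absorb", "acoustic", "coyote", "gadget", "hedgehog", "lobster",
    "mosquito", "ostrich", "pelican", "raccoon", "squirrel", "tortoise", "walnut",
    "zebra", "that", "this", "there", "they", "what", "when", "where", "you",
    "happy", "coffee", "phone", "key", "good", "about", "now", "later",
}


class PredictiveKeyboard:
    """Toy stand-in for a keyboard's personal dictionary (an assumption, not any
    vendor's implementation): it counts which word the user typed after which and
    suggests the most frequent successors. Real keyboards are more elaborate, but
    this is all the leak needs."""

    def __init__(self):
        self.bigrams = defaultdict(Counter)  # previous word -> Counter of next words

    def learn(self, text):
        words = text.lower().split()
        for prev, nxt in zip(words, words[1:]):
            self.bigrams[prev][nxt] += 1

    def suggest(self, prev, n=3):
        return [w for w, _ in self.bigrams[prev.lower()].most_common(n)]

    def clear_personal_dictionary(self):
        """The remediation: forget everything learned from the user's typing."""
        self.bigrams.clear()


def follow_suggestions(keyboard, first_word, max_len=24):
    """The attack step: type a word, accept the top suggestion, repeat.
    Stops when there is no suggestion or the chain would loop."""
    chain = [first_word]
    while len(chain) < max_len:
        suggestions = keyboard.suggest(chain[-1], n=1)
        if not suggestions or suggestions[0] in chain:
            break
        chain.append(suggestions[0])
    return chain


def probe_for_seed(keyboard, wordlist, min_len=12):
    """Use every wordlist word as a starting point and keep any chain that is at
    least min_len words long and consists only of wordlist words."""
    hits = []
    for word in sorted(wordlist):
        chain = follow_suggestions(keyboard, word)
        if len(chain) >= min_len and all(w in wordlist for w in chain):
            hits.append(chain)
    return hits


# Constructed typing history: ordinary chat messages plus one seed phrase typed
# once into a chat app. The seed is a made-up 12-word sequence drawn from the
# sample list; it does not belong to a real wallet and has no valid checksum.
SEED = ("zebra hedgehog tortoise acoustic walnut pelican "
        "raccoon lobster mosquito coyote squirrel ostrich")
CHAT_HISTORY = [
    "this is a good phone but the battery is bad",
    "are you there i am about to leave",
    "this one or that one what do you think",
    "see you later this week when you are free",
    "coffee now or later",
    SEED,
]


def demo():
    """Returns (hits before clearing, chain from a common word, hits after clearing)."""
    kb = PredictiveKeyboard()
    for msg in CHAT_HISTORY:
        kb.learn(msg)
    before = probe_for_seed(kb, BIP39_SAMPLE)
    # A common word such as "this" has several successors and drifts into
    # ordinary chat text, so its chain is rejected by the probe.
    common = follow_suggestions(kb, "this")
    kb.clear_personal_dictionary()
    after = probe_for_seed(kb, BIP39_SAMPLE)
    return before, common, after


if __name__ == "__main__":
    before, common, after = demo()
    print("recovered before clearing:", before)
    print("chain from a common word:", common)
    print("recovered after clearing:", after)
```

In the toy, the seed words occur nowhere else in the history, so each has exactly one stored successor and the chain reproduces the phrase word for word from the first word, which is the behaviour the post describes. A real probe would reduce false positives further by validating the BIP39 checksum of each candidate chain, and the attacker's precondition is the same as the toy's: access to the keyboard's learned data, normally through the unlocked device.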

Speaking to a crypto news outlet, Andre stated:

First I was stunned – the first couple [of] words could be a coincidence, right? I thought I should tell people about it; I'm sure there are others who also have typed seeds into their phone.

His advice?

Do yourself a solid and prevent that from happening by clearing your predictive type cache.