KEY POINTS

  • There are many ways hackers can steal funds from crypto owners
  • The easiest is by obtaining their seed phrase
  • A seed phrase is a series of words generated by a crypto wallet

Hackers can reportedly exploit a smartphone feature called text prediction to get a crypto owner's seed phrase and siphon off funds.

A Reddit user who goes by the name u/Divinux shared in a post in the cryptocurrency subreddit how hackers can easily use the text prediction tool in smartphones and mobile devices to obtain the seed phrase and gain access to the owner's crypto assets by just knowing the first word from the BIP39 list.

A seed phrase is a series of words generated by a crypto wallet that provides access to the digital assets linked with the wallet.

BIP39 is a specification that describes how crypto wallets generate mnemonic codes, each of which takes the form of a mnemonic sentence. It also defines how the wallet transforms those codes into a binary seed used to create the encryption keys that facilitate cryptocurrency transactions.

The Reddit user explained that when one creates a new seed phrase in a wallet, some apps ask to key in the entire seed again. Apparently, predictive typing remembers the words used and will automatically suggest the second word as soon as the user types the first one.

At least one website has been hacked several times, losing hundreds of news reports critical of security forces' actions AFP / Tauseef MUSTAFA

In the Reddit user's case, since their smartphone was set for a different language, "it automatically adds typed words to the dictionary, which means my custom dictionary contains words in my language, and 24 English words," they shared. "This makes it easy to attack, get your hands on a phone, start any chat app, and start typing any words off the BIP39 list, and see what the phone suggests," they added.

The Reddit user advised crypto owners to "Do yourself a solid and prevent that from happening by clearing your predictive type cache." They further provided links that contain a step-by-step guide on how to clear the predictive type cache in Android and iOS devices.

The Reddit user updated their post and said that "the wallet in question now presents a confirmation in the style of 'confirm the 4th and 18th word by choosing from a list.'" However, had they failed to share this information online, the Reddit user said they would have likely generated a wallet and "restored it from the written down seed to make sure I wrote it down correctly before transferring funds into it."
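
The list-based confirmation described above keeps the seed words away from the keyboard entirely: the user taps an option instead of typing, so predictive text has nothing to learn. A minimal sketch of that flow follows as an added example, not the wallet's code or anything from the Reddit post; the function names, the decoy pool and the sample mnemonic are constructed for illustration.

```python
import hmac
import secrets

# Constructed decoy pool (a handful of words for illustration only).
# Assumption: a real wallet would draw decoys from its full wordlist.
DECOY_POOL = ("abandon ability able about above absent absorb abstract "
              "absurd abuse access accident account accuse achieve acid").split()

# Constructed sample, not a real wallet seed.
SAMPLE_MNEMONIC = ("zoo wrong yard young zebra zone "
                   "wolf winter wish witness wire window")

# CSPRNG: which positions are asked and which decoys appear must be unpredictable.
_rng = secrets.SystemRandom()


def build_challenge(mnemonic, n_positions=2, n_choices=4):
    """Return [(position, options)] with 1-based positions and shuffled options."""
    words = mnemonic.split()
    positions = sorted(_rng.sample(range(1, len(words) + 1), n_positions))
    challenge = []
    for pos in positions:
        correct = words[pos - 1]
        pool = [w for w in DECOY_POOL if w != correct]
        options = _rng.sample(pool, n_choices - 1) + [correct]
        _rng.shuffle(options)
        challenge.append((pos, options))
    return challenge


def verify(mnemonic, challenge, picks):
    """picks[i] is the index of the option the user tapped for challenge[i]."""
    words = mnemonic.split()
    if len(picks) != len(challenge):
        return False
    ok = True
    for (pos, options), idx in zip(challenge, picks):
        chosen = options[idx] if 0 <= idx < len(options) else ""
        # Constant-time compare, and keep going so timing does not reveal
        # which position was answered wrongly.
        ok &= hmac.compare_digest(chosen.encode(), words[pos - 1].encode())
    return ok
```

The UI layer would render each `options` list as buttons and pass back only the tapped indices, so no seed word ever passes through a text field.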