Smartphone Text Prediction Guesses Crypto Hodler’s Seed Phrase

Seed phrases, a random combination of words from the Bitcoin Improvement Proposal (BIP) 39 list of 2048 words, act as one of the primary layers of protection against unauthorized access to a user’s crypto holdings. But what happens if predictive typing on your “smart” phone remembers and suggests the words the next time you try to access your digital wallet?

Andre, a 33-year-old IT professional from Germany, recently posted on the r/CryptoCurrency subreddit after discovering that his cell phone could predict the entire recovery phrase as soon as he typed the first word.

As a fair warning to fellow redditors and crypto enthusiasts, Andre’s post highlighted the ease with which hackers can use the feature to drain a user’s money by simply typing the first word from the BIP 39 list:

“This makes it easy to attack, grab a phone, launch a chat app and type words from the BIP39 list and see what the phone suggests.”

Speaking to Cointelegraph, Andre, aka u/Divinux on Reddit, shared his shock when he first experienced his phone literally guessing the 12-24 word seed phrase. “At first I was stunned. The first few words could be coincidence, right?”

Being a tech-savvy person, the German crypto investor was able to reproduce the scenario where his cell phone could accurately predict the seed phrases. After realizing the potential impact of this information if it fell into the wrong hands, “I felt I should tell people about it. I’m sure there are others who have also typed seeds into their phones.”

Andre’s experiments confirmed that Google’s Gboard was the least vulnerable, because the software didn’t predict every word in the correct order. However, Microsoft’s SwiftKey keyboard was able to predict the seed phrase right out of the box. Also, the Samsung keyboard can predict the words when “Auto replace” and “Suggest text corrections” are manually turned on.

Andre’s first stint with crypto dates back to 2015 when he briefly lost interest until he realized he could buy goods and services with Bitcoin (BTC) and other cryptocurrencies. His investment strategy involves buying and staking BTC and altcoins such as Terra (LUNA), Algorand (ALGO), and Tezos (XTZ) and “then average the dollar cost to BTC when/if they are moon.” The IT professional also develops his own coins and tokens as a hobby.

According to Andre, a security measure against possible hacks is to store significant and long-term positions in a hardware wallet. To Redditors around the world, he advises “not your keys, not your coins, do your own research, don’t do FOMO, never invest more than you’re willing to lose, always check the address you’re shipping to, always send a small amount in advance and disable your PMs in settings,” concluding:

“Do yourself a solid and prevent this from happening by clearing your predictive typing cache.”
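A simplified model of the behaviour described above, added here as an example (it is not code from the article or from any keyboard vendor): a toy next-word learner, assumed to count word pairs, shows why a phrase typed once can be replayed from its first word and why clearing the learned data removes it. The class name, the chat messages and the sample phrase are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: twelve words from the BIP39 English list, NOT a real wallet seed.
SAMPLE_PHRASE = ("abandon ability able about above absent "
                 "absorb abstract absurd abuse access accident")

class NextWordModel:
    """Toy predictive-text learner (assumption: plain word-pair counts)."""

    def __init__(self):
        self.following = defaultdict(Counter)  # word -> Counter of next words

    def learn(self, text):
        """Record every adjacent word pair the user typed."""
        words = text.lower().split()
        for prev, nxt in zip(words, words[1:]):
            self.following[prev][nxt] += 1

    def suggest(self, word):
        """Return the most frequently seen successor of `word`, or None."""
        options = self.following.get(word)
        return options.most_common(1)[0][0] if options else None

    def autocomplete(self, first_word, max_words=24):
        """Accept the top suggestion repeatedly, starting from one typed word."""
        out = [first_word]
        while len(out) < max_words:  # bound also stops loops in learned data
            nxt = self.suggest(out[-1])
            if nxt is None:
                break
            out.append(nxt)
        return out

    def clear(self):
        """Equivalent of wiping the keyboard's learned words / typing data."""
        self.following.clear()

if __name__ == "__main__":
    model = NextWordModel()
    # Constructed everyday messages: none of them contain the seed words,
    # so each seed word has exactly one learned successor.
    for msg in ("see you at the station at nine", "running late see you soon"):
        model.learn(msg)
    model.learn(SAMPLE_PHRASE)  # the phrase is typed once into a wallet app
    print("before clear:", " ".join(model.autocomplete("abandon")))
    model.clear()
    print("after clear: ", " ".join(model.autocomplete("abandon")))
```

Seed words are rare in everyday messages, so nothing else the user types competes with the learned pairs; that is why a single entry is enough in this model.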

Related: STEPN Impersonators Stealing User’s Seed Phrases Warn Security Experts

Blockchain security firm PeckShield warned the crypto community about a large number of phishing websites targeting users of the Web3 lifestyle app STEPN.

As Cointelegraph recently reported, based on PeckShield’s findings, hackers are adding a counterfeit MetaMask browser plugin that allows them to steal seed phrases from unsuspecting STEPN users.

Access to a seed phrase guarantees full control over the user’s crypto funds through the STEPN dashboard.