Your Phone May Be Hacking Your Seed Phrase — and Putting Your Cryptocurrency at Risk

Published on:

One Reddit user claims that predictive text is the most dangerous adversary of cryptocurrency investors, making it simple for criminals and robbers to acquire a victim’s digital assets.

pexels noah erickson 404280

Table of Contents

  • How to Keep Safe

You should read this if you ever enter your seed phrase into your phone.

A Reddit user claims that his Android phone was able to determine his seed phrase, which might help hackers.

Users must input a phrase known as a “seed phrase” of 24 random words in order to access their digital assets.

Although this is intended to increase protection for cryptocurrency investors, u/Divinux on Reddit warned that smartphones could become the adversary. They stated:

“Predictive typing remembers your previous words and offers the second word as soon as you type the first, especially if it’s a word you don’t use all that often.

He said he was concerned that this might encourage criminals to steal phones and use them to enter passwords off BIP 39 lists in order to see what the phone suggests next.

BIP 39 lists consist of a specific set of words. It might take some effort to find the right starting phrase, but it is possible.

How to Keep Safe

A popular tip, according to u/Divinux, is to clear your predictive text cache on the smartphone — preventing it from remembering unusual terms.

This may be done on both Samsung and Apple smartphones and tablets.

Other Reddit users were concerned that the crypto apps he was using required him to type out his entire seed phrase in the first place.

When it came to the list of words, he added that this wallet now requests him to verify two terms at a time in any order — such as the 4th and 18th — noting:

“It’s likely I created a wallet, wrote down the seed, deleted the wallet, and restored it from the written down seed to double-check that I correctly recorded it before putting money into it.”

What’s the most effective technique to tell if you’re at risk?

He advised individuals to type “I love eating bicycles at midnight” into their browser address bar, then search, adding:

“Now close your browser, go to WhatsApp and start composing ‘I love’ in a chat. Note the next word it suggests. Continue following the phrase until the end for some fun!”

Some of those posting on the thread claimed that password fields should be secure, but the actual danger exists when someone is inputting a seed phrase in an unsecured environment.

They warned that copying and pasting seed phrases is a bigger issue. Clipboards can be snooped on by malicious apps, so it is important to be careful.