This post is a Public Service Announcement:
Several vulnerable versions of the cryptocurrency wallet software Cake Wallet
released in 2020-2021 created extremely weak Bitcoin wallets.
If you’re a Cake Wallet user or know someone who is, we urgently recommend checking if you
-> still use a vulnerable old wallet software version
-> still use an old and weak Bitcoin mnemonic seed generated with a vulnerable version
Affected wallets are at risk of immediate and complete loss of all Bitcoin funds.
If you think this affects you, we strongly recommend moving your funds to a new Bitcoin wallet generated by a known-good Cake Wallet
application version (or a different cryptocurrency wallet software).
Context
Bitcoin wallets generated with vulnerable Cake Wallet versions are based on insecure randomness, which means an attacker can reconstruct their secret keys and spend from them, much like the other wallet vulnerabilities described on this website. This has been publicly known since the vendor's Reddit advisory post of 2021-05-11.
The vulnerable wallet mnemonics are 12-word seed phrases in Electrum format, all of the “Segwit” seed type. They draw on the same English word list as BIP39 mnemonics and look identical, but Electrum seeds carry their type in an HMAC-derived version prefix instead of a BIP39 checksum, so they are not valid BIP39 mnemonics and only Electrum-compatible software can import them. Other coin types and mnemonic format variations are not affected, as far as we currently know.
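To check whether a 12-word phrase is an Electrum seed, and of which type, you can recompute Electrum's seed-version check yourself; it needs no word list, which is exactly why these phrases are recognised only by Electrum-compatible software. The Python below is an added example written for this page, not code from Cake Wallet or Electrum. It relies on the documented Electrum seed-version prefixes ("01", "100", "101", "102"); the `TOY_WORDLIST`, the `generate_electrum_seed` helper and the `normalize_mnemonic` simplification for non-CJK word lists are constructed for illustration only.

```python
"""Classify a seed phrase by Electrum seed type (standard / segwit / 2fa / 2fa_segwit).

Electrum does not use a BIP39 checksum. It computes
    HMAC-SHA512(key=b"Seed version", msg=<normalized mnemonic>)
and classifies the seed by the hex prefix of that digest. Any word sequence
whose digest happens to start with one of the known prefixes is a valid
Electrum seed, which is why such phrases look like BIP39 mnemonics but are
rejected by BIP39-only wallets.
"""
import getpass
import hashlib
import hmac
import secrets
import sys
import unicodedata
from typing import Optional

# Public Electrum seed-version prefixes (hex digits of the HMAC digest).
SEED_PREFIXES = {
    "01": "standard",
    "100": "segwit",
    "101": "2fa",
    "102": "2fa_segwit",
}

# Constructed toy word list used only by the demo generator below; real
# Electrum seeds draw from the 2048-word BIP39 English list.
TOY_WORDLIST = (
    "abandon ability able about above absent absorb abstract absurd abuse "
    "access accident account accuse achieve acid acoustic acquire across act "
    "action actor actress actual adapt add addict address adjust admit adult advance"
).split()


def normalize_mnemonic(mnemonic: str) -> str:
    """Electrum's normalization for Latin-script word lists: NFKD, lowercase,
    strip combining marks, collapse whitespace. (Electrum additionally removes
    spaces between CJK characters; that step is omitted in this example.)"""
    text = unicodedata.normalize("NFKD", mnemonic).lower()
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return " ".join(text.split())


def electrum_seed_type(mnemonic: str) -> Optional[str]:
    """Return the Electrum seed type, or None if the phrase is not an Electrum seed."""
    msg = normalize_mnemonic(mnemonic).encode("utf-8")
    digest = hmac.new(b"Seed version", msg, hashlib.sha512).hexdigest()
    for prefix, kind in SEED_PREFIXES.items():
        if digest.startswith(prefix):
            return kind
    return None


def generate_electrum_seed(kind: str = "segwit", words: int = 12,
                           max_tries: int = 1_000_000) -> str:
    """Demo generator (constructed for this example): rejection-sample random
    word sequences until the HMAC prefix encodes the requested seed type.
    Electrum embeds the type the same way; the randomness feeding this step
    (here the OS CSPRNG via `secrets`) is what has to be strong."""
    if kind not in SEED_PREFIXES.values():
        raise ValueError(f"unknown seed type {kind!r}")
    for _ in range(max_tries):
        candidate = " ".join(secrets.choice(TOY_WORDLIST) for _ in range(words))
        if electrum_seed_type(candidate) == kind:
            return candidate
    raise RuntimeError("no matching seed found within max_tries")


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--demo":
        phrase = generate_electrum_seed("segwit")
        print("Generated demo seed (toy word list):", phrase)
    else:
        # Read the phrase without echo so it does not land in shell history.
        phrase = getpass.getpass("Seed phrase (not echoed): ")
    print("Electrum seed type:", electrum_seed_type(phrase) or "none (not an Electrum seed)")
```

Run this only on an offline machine and never paste a live seed into a web page or shared terminal. A result of `segwit` tells you the phrase is in the format this advisory is about, nothing more: the check identifies the seed format, not whether the randomness behind it was weak, and there is no local test for that defect beyond the vendor's detection of the known wallet subset described further down.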
Possible scenarios in which this can still be relevant today:
- The user still has a Cake Wallet application version before v4.1.7 installed that was never patched, and continues to use it. This could happen via a manual Android .apk installation, for example.
- The user generated and exported a weak wallet mnemonic from a vulnerable Cake Wallet version and re-imported it into a newer Cake Wallet version or other compatible wallet software such as Electrum.
We're in contact with Cake Labs about this. Starting with version v4.12.0, released in December 2023, Cake Wallet will try to detect and warn about the continued local use of known vulnerable mnemonics, with our help; this covers a known subset of approximately 8700 wallets.
More information and technical details will follow at a later date.