The National Institute of Standards and Technology is investigating the iOS version of the Binance Trust Wallet app for a vulnerability that could be exploited to steal funds from cryptocurrency wallets.

An agency of the United States Department of Commerce is investigating the Binance Trust Wallet app for a vulnerability that could allow an attacker to steal funds from cryptocurrency wallets.

According to the National Institute of Standards and Technology (NIST), the agency in charge of promoting U.S. innovation and industrial competitiveness, a specific version of the Binance Trust Wallet app “misuses the trezor-crypto library” to generate mnemonic words that can only be verified at the entropy source.

An entropy source is the physical location from which data is generated. NIST stated that a similar vulnerability was exploited in July 2023, resulting in economic losses. It explained,

“To steal money from those wallets, an attacker can generate mnemonics for each timestamp in a time frame that suits them and associate those mnemonics with specific wallet addresses.”
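The quoted description implies that each timestamp maps to exactly one mnemonic, so the secret is only as large as the time window. The Python sketch below is an added example, not Trust Wallet or trezor-crypto code: `random.Random` stands in for the unsafe generator, all function names are hypothetical, and the timestamps are constructed. It contrasts the weak pattern with a CSPRNG and shows the audit check a defender can run to tell whether a wallet's entropy is reproducible from a clock value.

```python
import math
import random
import secrets

ENTROPY_BYTES = 16  # 128 bits, the entropy behind a 12-word mnemonic


def weak_entropy(unix_time: int) -> bytes:
    """Vulnerable pattern: the device clock is the only input.

    random.Random is a stand-in PRNG (assumption), not the library's code.
    """
    rng = random.Random(unix_time)
    return bytes(rng.getrandbits(8) for _ in range(ENTROPY_BYTES))


def strong_entropy() -> bytes:
    """Hardened pattern: entropy comes from the operating system CSPRNG."""
    return secrets.token_bytes(ENTROPY_BYTES)


def effective_bits(window_start: int, window_end: int) -> float:
    """Real size of the secret when only the timestamp varies, in bits."""
    return math.log2(window_end - window_start + 1)


def find_weak_seed(entropy: bytes, window_start: int, window_end: int):
    """Audit check: return the timestamp that reproduces `entropy`, or None.

    A hit means the wallet was created by the time-seeded generator and
    its funds should be moved to a wallet built from strong entropy.
    """
    for t in range(window_start, window_end + 1):
        if weak_entropy(t) == entropy:
            return t
    return None


if __name__ == "__main__":
    t0 = 1_700_000_000                    # constructed window start
    affected = weak_entropy(t0 + 1234)    # constructed "affected" wallet
    print("one year of timestamps:",
          round(effective_bits(0, 365 * 86400 - 1), 1), "bits, not 128")
    print("weak wallet seed found:", find_weak_seed(affected, t0, t0 + 3599))
    print("strong wallet seed found:",
          find_weak_seed(strong_entropy(), t0, t0 + 3599))
```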

The vulnerability was made available to the public on February 8, and analysis to ascertain its actual scope is still pending.

According to CVE, a program sponsored by the United States Department of Homeland Security, Secbit Labs began investigating the Binance Trust Wallet app for iOS after numerous Ether (ETH) wallets were compromised. The researchers discovered an older wallet generation vulnerability in the iOS platform version of Trust Wallet from 2018 and linked it to the large thefts on July 12, 2023.

It found that the Trust Wallet app for iOS used open-source code that generated new cryptocurrency wallets by calling unsafe functions in the “trezor-crypto library” that were not intended for production. After confirming that the weak wallets existed, it claimed that they were involved in the Milk Sad thefts.

Following the investigation, NIST will assign a base score to the app’s vulnerability, ranging from 0 to 10, based on its severity.
