{"id":71474,"date":"2024-02-15T08:27:38","date_gmt":"2024-02-15T12:27:38","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=71474"},"modified":"2024-02-15T08:27:42","modified_gmt":"2024-02-15T12:27:42","slug":"us-department-of-commerce-investigates-binance-trust-wallet-ios-app","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/us-department-of-commerce-investigates-binance-trust-wallet-ios-app\/","title":{"rendered":"US Department of Commerce Investigates Binance Trust Wallet iOS App"},"content":{"rendered":"\n

A division of the U.S. Department of Commerce is analyzing the Binance Trust Wallet <\/a>application in search of a vulnerability that could enable a malicious actor to steal funds from users' crypto wallets.<\/p>\n\n\n\n

\"US
US Department of Commerce Investigates Binance Trust Wallet iOS App <\/figcaption><\/figure>\n\n\n\n

The agency responsible for advancing U.S. innovation and industrial competitiveness, the National Institute of Standards and Technology (NIST), has identified a variant of the Binance Trust Wallet application that “misuses the trezor-crypto library” to produce mnemonic words that are exclusively verifiable at the entropy source.<\/p>\n\n\n\n

Data generation occurs at a physical location known as an entropy source. According to NIST, a similar vulnerability was exploited in July 2023, resulting in economic losses. It elaborated:<\/p>\n\n\n\n

\u201cAn attacker can systematically generate mnemonics for each timestamp within an applicable time frame and link them to specific wallet addresses<\/a> in order to steal funds from those wallets.\u201d<\/p>\n\n\n\n

Since its disclosure on February 8, the information has presently been undergoing evaluation to ascertain the practical magnitude of the vulnerability.<\/p>\n\n\n\n

\"\"
Binance Trust Wallet app for iOS under investigation for vulnerability. Source: NIST<\/figcaption><\/figure>\n\n\n\n

@@<\/p>\n\n\n\n

After many Ether wallets were compromised, Secbit Labs reportedly investigated the Binance Trust Wallet app for iOS, as reported by CVE, a program sponsored by the U.S. Department of Homeland Security\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a>. <\/p>\n\n\n\n

The investigators identified a trusted wallet generation vulnerability in the iOS version of the wallet from 2018 and established a correlation between it and the significant robberies that occurred on July 12, 2023.<\/p>\n\n\n\n

Milk Sad conducted an independent investigation and discovered a minimum of 6,572 distinct wallet mnemonics that pose a financial risk.<\/p>\n\n\n\n

It discovered that the Trust Wallet app for iOS utilized unintended-for-production open-source functions in the “trezor-crypto library” to generate new cryptocurrency wallet. After verifying their existence, the statement accused the weak wallets of involvement in the Milk Sad thefts.<\/p>\n\n\n\n

NIST will assign a severity-based base score between zero and ten to the application's vulnerability following the conclusion of the investigation.<\/p>\n","protected":false},"excerpt":{"rendered":"

A division of the U.S. Department of Commerce is analyzing the Binance Trust Wallet application in search of a vulnerability that could enable a malicious actor to steal funds from users’ crypto wallets. The agency responsible for advancing U.S. innovation and industrial competitiveness, the National Institute of Standards and Technology (NIST), has identified a variant […]<\/p>\n","protected":false},"author":12,"featured_media":71480,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[834],"tags":[5521,18427,10743,18428],"class_list":["post-71474","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-binance","tag-binance-2","tag-ios-app","tag-trust-wallet","tag-us-department-of-commerce"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2024\/02\/image-51.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/71474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=71474"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/71474\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/71480"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=71474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=71474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=71474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}