A division of the U.S. Department of Commerce is analyzing the Binance Trust Wallet application in search of a vulnerability that could enable a malicious actor to steal funds from users’ crypto wallets.
The agency responsible for advancing U.S. innovation and industrial competitiveness, the National Institute of Standards and Technology (NIST), has identified a variant of the Binance Trust Wallet application that “misuses the trezor-crypto library” to produce mnemonic words that are exclusively verifiable at the entropy source.
Data generation occurs at a physical location known as an entropy source. According to NIST, a similar vulnerability was exploited in July 2023, resulting in economic losses. It elaborated:
“An attacker can systematically generate mnemonics for each timestamp within an applicable time frame and link them to specific wallet addresses in order to steal funds from those wallets.”
Since its disclosure on February 8, the information has been under evaluation to determine the practical magnitude of the vulnerability.
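The weakness NIST describes, a wallet seed that depends only on a timestamp, can be illustrated from the defender's side with this added example, which is not code from Trust Wallet, trezor-crypto or NIST. It assumes a 128-bit seed and a one-second clock, uses Python's `random.Random` as a stand-in for a clock-seeded generator, and all function names and timestamps are constructed for illustration.

```python
import math
import random
import secrets

ENTROPY_BYTES = 16  # assumption: 128 bits of seed entropy for a 12-word mnemonic


def weak_entropy(timestamp: int) -> bytes:
    """Vulnerable pattern: a deterministic PRNG seeded only with the clock.

    random.Random is a stand-in, not the generator used by trezor-crypto.
    """
    rng = random.Random(timestamp)
    return bytes(rng.getrandbits(8) for _ in range(ENTROPY_BYTES))


def strong_entropy() -> bytes:
    """Hardened pattern: seed material taken from the OS CSPRNG."""
    return secrets.token_bytes(ENTROPY_BYTES)


def effective_bits(window_seconds: int) -> float:
    """Upper bound on unpredictability when the only secret is a
    one-second timestamp somewhere inside the given window."""
    return math.log2(window_seconds)


def is_time_derived(entropy: bytes, start: int, end: int) -> bool:
    """Audit check for seed material your own build produced: can it be
    reproduced from a clock value in [start, end)?"""
    return any(weak_entropy(t) == entropy for t in range(start, end))


if __name__ == "__main__":
    start = 1_000_000  # constructed timestamp, not from the page
    sample = weak_entropy(start + 50)
    print("nominal bits:", ENTROPY_BYTES * 8)
    print("effective bits over one year:", round(effective_bits(365 * 24 * 3600), 1))
    print("weak seed reproducible:", is_time_derived(sample, start, start + 100))
    print("CSPRNG seed reproducible:", is_time_derived(strong_entropy(), start, start + 100))
```

A seed that is nominally 128 bits carries under 25 bits of unpredictability when it is derived from a timestamp within a one-year window, which is why the fix is to draw seed material from the operating system's CSPRNG.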
After many Ether wallets were compromised, Secbit Labs investigated the Binance Trust Wallet app for iOS, according to CVE, a program sponsored by the U.S. Department of Homeland Security.
The investigators identified a wallet generation vulnerability in the iOS version of Trust Wallet from 2018 and established a correlation between it and the significant thefts that occurred on July 12, 2023.
Milk Sad conducted an independent investigation and discovered a minimum of 6,572 distinct wallet mnemonics that pose a financial risk.
It discovered that the Trust Wallet app for iOS used open-source functions in the “trezor-crypto library” that were not intended for production use to generate new cryptocurrency wallets. After verifying their existence, the statement linked the weak wallets to the Milk Sad thefts.
NIST will assign a severity-based base score between zero and ten to the application’s vulnerability following the conclusion of the investigation.