Trust Wallet, the wallet application of major cryptocurrency exchange Binance, has come under scrutiny in the United States. The National Institute of Standards and Technology (NIST), a branch of the US Department of Commerce (DOC), is reviewing the Trust Wallet application for a potential security vulnerability that could allow hackers to steal money from cryptocurrency wallets.
Binance’s Trust Wallet iOS Version Poses Risks
NIST, an institution responsible for supporting innovation and competitiveness in the US, has uncovered allegations that a particular version of Binance’s Trust Wallet application misused the “trezor-crypto library” to generate mnemonic words. It was noted that these words, which are very important for wallet security, can only be verified at the entropy source.
NIST emphasized that a similar security flaw was exploited in the past, in July 2023, leading to significant economic losses. The institution warned that attackers could systematically create mnemonics for specific wallet addresses within a certain timeframe, potentially leading to the theft of funds from these wallets. Information regarding this security vulnerability was disclosed on February 8, and further analysis is expected to identify the real-world effects of the security flaw.
In parallel, SECBIT Labs, a participant in the CVE program supported by the US Department of Homeland Security (DHS), initiated an investigation into the Trust Wallet application for iOS following numerous reports of compromised Ethereum wallets. Researchers traced an old security flaw in Trust Wallet’s iOS version dating back to 2018 and linked it to a major hacking incident that occurred on July 12, 2023.
At Least 6,572 Unique Wallet Addresses Identified at Risk of Fund Loss
Independent research conducted by security researcher Milk Sad identified at least 6,572 unique wallet addresses at risk of fund loss. Researchers discovered that the Trust Wallet application for iOS used open-source code to create new cryptocurrency wallets and employed insecure functions within the “trezor-crypto library,” which was not designed for production. Milk Sad confirmed the existence of vulnerable wallet addresses and suggested they could have been involved in the hacking attacks.
Upon completion of the investigation, NIST will give the application a base score reflecting its severity on a scale from 0 to 10. While authorities and experts continue to investigate the issue, Binance Trust Wallet users, especially those on iOS, are advised to be cautious and stay alert to potential security threats.