USA Investigates Trust Wallet iOS App

15 Feb, 2024

A division of the United States Department of Commerce is examining the Binance Trust Wallet app for a potential vulnerability that could enable attackers to steal cryptocurrency funds.

According to the National Institute of Standards and Technology (NIST), which promotes American innovation, a specific version of the Binance Trust Wallet app "misuses the trezor-crypto library" and, as a result, creates mnemonic phrases for which the device time is the only source of entropy.

An entropy source is where the random data used to generate a mnemonic comes from. NIST highlighted a similar vulnerability exploited in July 2023, resulting in financial losses. It elaborated:

"An attacker can systematically create mnemonics for each timestamp within a relevant time frame and associate them with specific wallet addresses to pilfer funds."

This disclosure was made public on Feb. 8 and is now under scrutiny to assess the actual extent of the vulnerability.

According to CVE, a U.S. Department of Homeland Security-sponsored program, Secbit Labs initiated an inquiry into the Binance Trust Wallet app for iOS after several Ether wallets were compromised.

They traced an older wallet generation flaw in the iOS version of Trust Wallet from 2018 and linked it to the major thefts on July 12, 2023.

Binance did not respond to Cointelegraph's request for comment. Nonetheless, an independent investigation by Milk Sad uncovered at least 6,572 unique wallet mnemonics at risk of fund loss.

It found that the Trust Wallet app for iOS used open-source code that generated new cryptocurrency wallets with unsafe functions in the "trezor-crypto" library that were not intended for production.

Upon confirming the existence of vulnerable wallets, it alleged their involvement in the Milk Sad thefts.

Following the investigation, NIST will assign a base score to the app's vulnerability, ranging from 0 to 10, based on its severity.
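
The weakness described above, a wallet secret whose only input is the clock, can be illustrated with the following added example, which is not code from Trust Wallet, trezor-crypto or the cited reports. It assumes Python's `random.Random` as a stand-in for any time-seeded generator, uses constructed timestamps, and contrasts the pattern with entropy taken from the operating system CSPRNG:

```python
import math
import random
import secrets

ENTROPY_BYTES = 16  # 128 bits, the entropy behind a 12-word mnemonic


def weak_entropy(unix_time: int) -> bytes:
    """Vulnerable pattern: the generator is seeded with nothing but the clock.

    random.Random is a stand-in (assumption) for a deterministic,
    time-seeded generator; it is not the library's actual routine.
    """
    prng = random.Random(unix_time)
    return prng.getrandbits(ENTROPY_BYTES * 8).to_bytes(ENTROPY_BYTES, "big")


def strong_entropy() -> bytes:
    """Hardened pattern: take the bytes from the operating system CSPRNG."""
    return secrets.token_bytes(ENTROPY_BYTES)


def effective_bits(window_seconds: int) -> float:
    """Upper bound on the secrecy of weak_entropy() output when the creation
    time is known to fall inside a window of this many seconds."""
    return math.log2(window_seconds)


def distinct_wallets(creation_times: list[int]) -> int:
    """Number of distinct secrets produced by installs at the given times."""
    return len({weak_entropy(t) for t in creation_times})


if __name__ == "__main__":
    # Constructed sample: five installs, two of them in the same second.
    times = [1531353600, 1531353601, 1531353601, 1531353700, 1531353900]
    print("distinct secrets from 5 installs:", distinct_wallets(times))
    one_year = 365 * 24 * 3600
    print(f"effective entropy over one year: {effective_bits(one_year):.1f} bits")
    print("nominal entropy:", ENTROPY_BYTES * 8, "bits")
    print("CSPRNG sample:", strong_entropy().hex())
```

The output is 128 bits long in both cases, but the time-seeded value carries fewer than 25 bits of secrecy across a full year of possible creation times, and two installs in the same second share one secret.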

Sources:

https://cointelegraph.com/news/us-binance-trust-wallet-ios-vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-23660

https://www.cve.org/CVERecord?id=CVE-2024-23660

https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/
