US National Institute of Standards and Technology explores Binance-owned Trust Wallet iOS app for vulnerabilities.
According to the description, the wallet software does not use the trezor-crypto library correctly. As a result, the only source of entropy for generating mnemonic phrases is device time.
The bug opens the door for Trust Wallet exploits. An attacker can systematically create mnemonics for each timestamp and associate them with specific addresses to steal funds.
The application, submitted by the non-profit organization MITER Corporation, is pending review. It contains links to relevant vulnerability studies by project specialists Milk Sad And SECBIT Labs. The results were published in January.
Experts have identified at least 6,500 at-risk wallets. According to them, exploits already implemented led to the loss of almost 33 BTC in just the three largest incidents in July 2023.
Binance acquired the Trust Wallet provider in the summer of 2018. The mobile application specialized primarily in Ethereum assets, and only towards the end of the year did the team add support for Bitcoin.
The first desktop version of the wallet was a solution for devices running macOS in 2019.
Source: Cryptocurrency
I am an experienced journalist and writer with a career in the news industry. My focus is on covering Top News stories for World Stock Market, where I provide comprehensive analysis and commentary on markets around the world. I have expertise in writing both long-form articles and shorter pieces that deliver timely, relevant updates to readers.
