Critical Vulnerability in iOS Version of Binance Trust Wallet Raises Concerns: Exploited in the Wild, NIST Reports
Crypto News – The National Institute of Standards and Technology (NIST), a leading authority in technology and cybersecurity standards, has identified a potential vulnerability in the iOS iteration of “Binance Trust Wallet.”
This critical flaw has been documented in the CVE database, a repository for significant issues capable of causing substantial harm or financial losses. NIST commenced its investigation upon its addition to the database on February 8, aiming to assess its real-world impact.
According to the database entry, the vulnerability has already been exploited in live environments. In July 2023, malicious actors leveraged this flaw to deduce security phrases, enabling them to pilfer funds from digital wallets. The vulnerability stemmed from the utilization of the trezor-crypto library within the wallet’s architecture.
NIST’s update elaborated on the exploit’s modus operandi, revealing that attackers could systematically generate mnemonic phrases corresponding to each timestamp within a specific timeframe. Subsequently, these phrases were linked to particular wallet addresses, facilitating unauthorized fund withdrawals.
The incidence of multiple cyberattacks in 2023 resulted in substantial financial losses exceeding $4 million for Trust Wallet. Originally acquired by Binance in 2018, the wallet’s operational autonomy from Binance.com is emphasized by a spokesperson, clarifying its status as a distinct legal entity.
Despite the severity of the situation, Trust Wallet’s official communication channels, including its X (formerly Twitter) profile, have yet to acknowledge or address the vulnerability. This underscores the urgency for users to remain vigilant and implement any available security updates promptly.
Leave a comment