Cybercrime investigators in the United States are looking into a potential weakness in the Binance Trust Wallet iOS app. By guessing security terms known as mnemonics, attackers would be able to steal money thanks to the weakness.
The National Institute of Standards and Technology (NIST), a U.S. organisation that develops best practices and standards for technology and cyber security, has identified a potential vulnerability for the iOS version of “Binance Trust Wallet”.
On February 8, the vulnerability was added to the CVE database, which is a list of critical problems that could have caused or have actually caused material losses or harm. NIST is looking into it to find out how serious the vulnerability is in the real world.
The database entry indicates that the vulnerability has already been used in the wild. The way it used the trezor-crypto library in July 2023 made it possible for attackers to guess security words and steal money from digital wallets.
“An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets,” according to the update released by NIST.
In 2023, Trust Wallet had many cyber-attacks that resulted in losses over $4 million. Binance purchased the wallet in 2018. Since then, Binance has launched its own Web3 wallet.
According to a Binance representative, “Trust Wallet is now a separate legal entity that is not part of the Binance group and operates independently from Binance.com,” the email stated. The vulnerability has not been mentioned on the X (previously Twitter) profile of Trust Wallet.