Trust Wallet app for iOS contains a vulnerability
The US National Institute of Standards and Technology is investigating the Binance-owned Trust Wallet iOS app for vulnerabilities.
According to the description, the wallet software does not use the trezor-crypto library correctly. As a result, the only source of entropy for generating mnemonic phrases is device time.
The bug opens the door for Trust Wallet exploits. An attacker can systematically create mnemonics for each timestamp and associate them with specific addresses to steal funds.
The application, submitted by the non-profit organization MITER Corporation, is pending review. It contains links to relevant vulnerability studies by specialists from the Milk Sad and SECBIT Labs projects . The results were published in January.
Experts have identified at least 6,500 at-risk wallets. According to them, exploits already implemented led to the loss of almost 33 BTC in just the three largest incidents in July 2023.
Binance acquired the Trust Wallet provider in the summer of 2018. The mobile application specialized primarily in Ethereum assets, and only towards the end of the year did the team add support for Bitcoin.
The first desktop version of the wallet was a solution for devices running macOS in 2019.
What's Your Reaction?
![Transfer/ Postings Senior Superintendent Police Hyderabad [Notifications]](https://pakweb.pro/uploads/images/202402/image_100x75_65d7bb0f85d5f.jpg)
