U.S. cyber authorities are investigating the iOS version of “Binance Trust Wallet” due to a potential vulnerability. Listed by the National Institute of Standards and Technology (NIST), the flaw was flagged on Feb. 8 in the CVE database, indicating serious issues that could lead to significant material damage or losses.
Exploited Flaw Raises Concerns
The vulnerability, which has already been exploited in the wild, poses a serious threat. In July 2023, attackers leveraged the flaw to guess security words and steal funds from digital wallets. NIST highlighted the flaw’s exploitation, stating that attackers could systematically generate mnemonics for each timestamp within a specific timeframe and link them to wallet addresses to facilitate fund theft.
Trust Wallet’s Troubled Past
During 2023, Trust Wallet endured several cyber incidents, culminating in over $4 million in losses. Acquired by Binance in 2018, Trust Wallet operates independently from Binance.com following its evolution into a separate legal entity. Despite the acquisition, Trust Wallet’s official X (formerly Twitter) profile has yet to address the reported vulnerability.
Official Response
NIST’s investigation aims to evaluate the severity of the vulnerability and assess potential countermeasures. Meanwhile, Binance has released its own Web3 wallet, distancing itself from Trust Wallet’s security lapses. As the probe continues, users are advised to exercise caution and monitor official channels for updates on the situation.
The emergence of vulnerabilities in widely used crypto wallets underscores the importance of robust cybersecurity measures in safeguarding digital assets in an increasingly interconnected digital landscape.
