U.S. Department of Commerce Probes Binance Trust Wallet's Potential Security Vulnerability
Summary:
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) is investigating a potential vulnerability in the Binance Trust Wallet app that could allow an attacker to steal cryptocurrency. This follows a similar flaw exploited in July 2023. Researchers from SECBIT Labs are also looking into the matter after several Ether wallets were hacked. A separate study by Milk Sad identified the risks in 6,572 unique wallet mnemonics. Post-investigation, NIST will score the vulnerability of the app based on the severity of the potential threat.
A division of the U.S. Department of Commerce (DOC) is probing the Binance Trust Wallet app for a potential flaw that might enable an assailant to commit cryptocurrency theft. The National Institute of Standards and Technology (NIST), a DOC agency dedicated to bolstering American innovation and industrial competitiveness, disclosed that a particular version of the Binance Trust Wallet app incorrectly handles the trezor-crypto library to create mnemonic phrases verifiable only at their entropy source, a physical zone for data production. Notably, this flaw mirrors a previous one from July 2023 that led to financial losses. NIST elaborated that an assailant could manipulate the mnemonics and connect them to certain wallet addresses in a bid to illicitly siphon funds. The findings, unveiled on February 8, are awaiting analysis to understand the extent of this vulnerability.
The CVE program, which was initiated by the U.S. Department of Homeland Security (DHS), confirmed that SECBIT Labs began investigating the vulnerability in the Binance Trust Wallet app for iOS devices after several Ether (ETH) wallets suffered security breaches. The investigators traced an old wallet-generation flaw in the 2018 version of the iOS Trust Wallet, which pointed to major thefts that took place on July 12, 2023.
Binance did not respond to Cointelegraph's request for comment. Separate research carried out by Milk Sad identified a total of 6,572 distinct wallet mnemonics at risk of fund loss. Milk Sad further discovered that the iOS Trust Wallet app used open-source code that generated cryptocurrency wallets with insecure functions in the trezor-crypto library not intended for final production. Despite confirming the existence of weak wallets, it implicated these in the Milk Sad thefts. Following its investigation, NIST will assign the app's vulnerability a base score ranging from 0 to 10, based on its severity.
Published At
2/15/2024 10:53:56 AM