Main menu

Pages

US investigates Binance Trust wallet



In recent months, Binance has faced increased scrutiny from various regulators and agencies. It's Trust Wallet's turn to take center stage. The US National Institute of Standards and Technology is looking into this case and highlights a potential security vulnerability. What kind of loophole is this?



American Institute of Standards and Technology Looking for the iOS version of Trust Wallet.


Trust Wallet is a “non-custodial” wallet associated with the giant exchange Binance and acquired by the exchange in 2018. The wallet app is available on Android and iOS devices and is compatible with over 1 million tokens and cryptocurrencies and 50 Blockchain.


Currently, the version of the wallet for iOS is being reviewed and audited by National Institute of Standards and Technology in the United States of America. The institute believes there may be a security vulnerability in the application. In fact, this indicates that the process of generating declarative statements is incorrect:


"Trust Wallet Binance misuses the trezor-crypto library. Therefore, it creates meta statements in which the time displayed on the device is the only source of entropy. This results in economic losses similar to the exploit that occurred in July 2023."


In particular, an attacker (bad hacker) can generate metaphrases (time stamps) hourly and associate them with specific addresses to steal funds from the corresponding wallets.


Older versions of Trust are more vulnerable and all forked wallets may have the same flaw!


The research team confirmed Sekbit Labs The existence of this vulnerability is believed to have existed since 2018. It is estimated to have led to major thefts in July last year, as also pointed out by the National Institute of Standards and Technology. Secbit Labs also urged users to be careful:

"Unfortunately, Trust Wallet bypassed the warnings by choosing to execute code directly in the live environment. These omissions accelerated the generation of low-entropy metawords that could be easily predicted. (...) Users using older versions of the Trust Wallet application are at risk "


Moreover, a detailed report from Secbit Labs shows that many existing wallets are forks of Trust Wallet. This means that it could also include this vulnerability.


At the moment, the Binance exchange has not commented on this issue. But a report from the National Institute of Standards and Technology will likely shed more light on the issue.


Denial of responsibility


All information published on our website is offered in good faith and for general information purposes only. Therefore, any actions, actions or decisions taken by the reader in reliance on this information are solely the responsibility of it and its affiliates individually, and the site does not accept any legal liability for these decisions.






Comments