Cybercrime investigators in the United States are looking into a potential weakness in the Binance Trust Wallet iOS app. By guessing security terms known as mnemonics, attackers would be able to steal money thanks to the weakness.
The National Institute of Standards and Technology (NIST), a U.S. organization that establishes best practices and standards for technology and cyber security, has identified a potential vulnerability for the iOS version of "Binance Trust Wallet."
On February 8, the vulnerability was added to the CVE database, which is a list of critical problems that could have caused or have actually caused material losses or harm. NIST is looking into it to find out how serious the vulnerability is in the real world.
The database entry indicates that the vulnerability has already been used in the wild. The way it used the trezor-crypto library in July 2023 made it possible for attackers to guess security words and steal money from digital wallets.
NIST stated in its update that a hacker can create mnemonics for every timestamp in a reasonable amount of time and associate those mnemonics with particular wallet addresses to steal money from those wallets.
In 2023, Trust Wallet experienced numerous cyberattacks that resulted in losses of approximately $4 million. Binance purchased the wallet in 2018. Since then, Binance has launched its own Web3 wallet.
The Trust Wallet is now a distinct legal organization that is not a part of the Binance group and runs separately from Binance.com, according to an email from a Binance representative.
