An agency of the US Department of Commerce is looking into the Binance Trust Wallet app to determine whether a security hole may enable hackers to steal cryptocurrency.
An unofficial build of the Binance Trust Wallet “misuses the trezor-crypto library” to create mnemonic words that can only be validated at the entropy source, says the National Institute of Standards and Technology (NIST), an organization responsible for fostering innovation and industrial competitiveness in the United States.
Any point in physical space from which information is derived is called an entropy source. According to NIST, economic losses occurred in July 2023 as a result of an attack on a comparable vulnerability.
The vulnerability was published on February 8th, and analysis is ongoing to ascertain its real-world extent.
The Binance Trust Wallet app for iOS was under investigation by Secbit Labs after the hacking of many Ether wallets, according to CVE, a program supported by the U.S. Department of Homeland Security. Having found a vulnerability in earlier wallet generation in the 2018 iOS version of Trust Wallet, the researchers were able to link it to the large-scale thefts that occurred on July 12, 2023.
Cointelegraph reached out to Binance for comment, but the exchange did not respond. Meanwhile, in its own analysis, Milk Sad identified 6,572 distinct wallet mnemonics that put funds at risk.
The Trust Wallet iOS app was found to be using unapproved functions from the “trezor-crypto library” to create new bitcoin wallets using open-source code. Once the existence of the weak wallets was verified, they were linked to the Milk Sad thefts.
When the inquiry is complete, NIST will give the app’s vulnerability a base score between zero and ten, indicating how serious it is.