NIST delves into vulnerability in Binance's Trust Wallet, examining security flaw
The National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, is currently analyzing a vulnerability in the iOS version of the Binance Trust Wallet app. The flaw, if exploited, could allow attackers to gain unauthorized access to users' cryptocurrency wallets and redirect their funds. At its core is the app's improper use of the trezor-crypto library to generate mnemonic words, the seed phrase from which a wallet's keys are derived. A mnemonic is only as strong as the entropy it is generated from, so the security of the whole wallet rests on the quality of that entropy source.
The issue resembles a case from July 2023 in which the exploitation of a similar weakness resulted in financial losses. NIST's analysis aims to establish whether an attacker could reproduce the app's mnemonic generation, tie the resulting seed phrases to specific wallet addresses, and thereby withdraw funds without authorization. The findings, publicly disclosed on Feb. 8, are meant to determine the practical impact and extent of the vulnerability.
In parallel, the flaw has been recorded in the CVE database, the vulnerability catalogue sponsored by the U.S. Department of Homeland Security, on the basis of research by Secbit Labs. The entry stems from a series of unauthorized accesses to Ether wallets. It identifies a vulnerability in the iOS version of Trust Wallet dating back to 2018 and links it directly to the significant thefts that occurred on July 12, 2023.
Binance has not commented on these security concerns, but the independent Milk Sad investigation has found the risk to be substantial. The review identified more than 6,500 wallet mnemonics that were generated through the insecure use of the trezor-crypto library and are therefore potentially exposed. The same weakness underlies the methods used in the Milk Sad theft incidents, which underscores how serious the flaw is.
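The mechanism the article describes above (a mnemonic generated from weak entropy, which an attacker can then reproduce and tie to a wallet address, and the thousands of mnemonics found exposed by the Milk Sad review) is easier to see in code. The following is an added illustration written for this page; it is not code from Trust Wallet, trezor-crypto, NIST or the Milk Sad team. Only the BIP-39 entropy-to-word-index mapping is the real standard. The weak generator is a hypothetical stand-in (a PRNG seeded from a 32-bit timestamp, which the article does not claim is the actual entropy source), and `wallet_fingerprint` stands in for the on-chain address a real attacker would compare against, since address derivation needs secp256k1 and is outside the standard library.

```python
"""Why the entropy behind a BIP-39 mnemonic decides whether the wallet can be
recovered by an attacker.  Added illustration; not code from Trust Wallet,
trezor-crypto or the Milk Sad team.  weak_entropy() is a hypothetical stand-in
for a broken generator and wallet_fingerprint() stands in for an address."""
import hashlib
import os
import random


def bip39_word_indices(entropy: bytes) -> list:
    """Map raw entropy to BIP-39 word indices (0..2047).

    BIP-39: append the first ENT/32 bits of SHA-256(entropy) as a checksum,
    then split the result into 11-bit groups.  16 bytes -> 12 words,
    32 bytes -> 24 words.  The 2048-word list is not embedded here; the
    indices identify the words uniquely.
    """
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total_bits = ent_bits + cs_bits
    n_words = total_bits // 11
    return [(combined >> (total_bits - 11 * (i + 1))) & 0x7FF
            for i in range(n_words)]


def strong_entropy(nbytes: int = 16) -> bytes:
    """What a wallet should do: take entropy from the OS CSPRNG."""
    return os.urandom(nbytes)


def weak_entropy(seed32: int, nbytes: int = 16) -> bytes:
    """Hypothetical broken generator (constructed for this example): every
    byte comes from a PRNG seeded with a single 32-bit value, so a "128-bit"
    mnemonic really has at most 32 bits of entropy, and far fewer if the
    seed is a timestamp the attacker can bound."""
    rng = random.Random(seed32 & 0xFFFFFFFF)
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")


def wallet_fingerprint(indices) -> str:
    """Stand-in for the public value an attacker matches against.  In a real
    attack this is the address derived via BIP-39 PBKDF2 -> BIP-32 ->
    secp256k1 and read from the chain; here a hash of the word indices
    plays that role."""
    raw = b"".join(i.to_bytes(2, "big") for i in indices)
    return hashlib.sha256(raw).hexdigest()


def recover_weak_mnemonic(target_fp: str, t_start: int, window: int):
    """Attacker side: regenerate the mnemonic for every seed the weak
    generator could have used inside the window and stop at the one whose
    fingerprint matches.  Returns (seed, word_indices) or None."""
    for seed in range(t_start, t_start + window):
        indices = bip39_word_indices(weak_entropy(seed))
        if wallet_fingerprint(indices) == target_fp:
            return seed, indices
    return None


if __name__ == "__main__":
    # Constructed scenario: the wallet was created at a timestamp the
    # attacker can bound to a window of a few hours.
    created_at = 1_700_000_000 + 12_345
    victim = bip39_word_indices(weak_entropy(created_at))
    on_chain = wallet_fingerprint(victim)        # all the attacker sees
    hit = recover_weak_mnemonic(on_chain, 1_700_000_000, window=20_000)
    print("weak  :", victim, "recovered:", hit is not None and hit[1] == victim)
    print("strong:", bip39_word_indices(strong_entropy()), "search space 2^128")
```

The point of the example is the asymmetry: the checksum and word mapping are identical in both paths, so nothing in the mnemonic itself reveals which path produced it. Only the size of the search space differs, and a seed bounded to a few hours of timestamps is enumerated in well under a second. That is also why a scan of the kind the Milk Sad review performed can flag thousands of already-existing wallets: regenerate the candidate space once, derive addresses, and look them up on chain.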
Once NIST completes its analysis, it will assign the vulnerability a CVSS base score from 0 to 10 indicating the severity of the risk it poses to users. That score is what most users and tooling rely on to judge how serious a flaw is, although it rates technical severity rather than the number of wallets affected or the funds already lost.
The recent events surrounding the Trust Wallet vulnerability are not the only challenges Binance has faced. The cryptocurrency exchange has also been addressing rumors of a system leak following allegations on X about the availability of Binance user data on GitHub. Binance has firmly denied these claims and reassured its community about the integrity and safety of its accounts, stating that there have been no breaches.
In the meantime, the sentencing for Binance’s founder, Changpeng Zhao, has been postponed to April 30, from the original date of Feb. 23, as reported by CNBC. The reasons for this delay have not been disclosed, and Zhao’s lawyer has declined to comment.