Binance has continued to come under the microscope of regulators and agencies in recent months. This time, it is the turn of its Trust Wallet to be scrutinised by the US National Institute of Standards and Technology. The institute has reported a potential flaw.
Binance: US investigation into its Trust Wallet – Vulnerability discovered
US agency investigates iOS version of Trust Wallet
Trust Wallet is Binance’s ‘non-custodial’ wallet, acquired by the company in 2018. Available on Android and iOS, it supports more than a million tokens and cryptocurrencies, as well as 50 blockchains. It is the iOS version that is currently being reviewed by the National Institute of Standards and Technology.
The agency suspects that there is a flaw in the application. In particular, it points out that the process for generating mnemonic phrases is flawed:
‘Binance Trust Wallet […] incorrectly uses the trezor-crypto library, resulting in the generation of mnemonic phrases for which the time displayed on the device is the only source of entropy. This can lead to economic losses, as was the case with the exploit dated July 2023.’
In practical terms, this means that a malicious person could generate mnemonic phrases for each hour (timestamp) and associate them with specific addresses to steal funds from the wallets concerned.
Older versions of the application could be vulnerable
The Secbit Labs research group has confirmed the existence of this flaw, which has been present since 2018. According to them, it was behind the major thefts last July, which were also mentioned by the National Institute of Standards and Technology. Secbit Labs is therefore urging users to exercise caution:
‘Users using outdated versions of the application could still be at risk.’
In addition, the report points out that several current wallets are derivatives of Trust Wallet. This suggests that they could also have this flaw. For the time being, Binance has not reacted to this issue, but it is likely that the report from the National Institute of Standards and Technology will shed some light on the matter.