As concerns over the security of cryptocurrency assets continue to mount, the National Institute of Standards and Technology (NIST) has launched an extensive investigation into a critical vulnerability discovered in the iOS version of the Binance Trust Wallet. The inquiry centers on the improper use of the trezor-crypto library, a key component responsible for generating the mnemonic words that secure users’ cryptocurrency funds.
Over 6,500 Wallet Mnemonics Could Be At Risk
In an unusual move, Binance has chosen to remain silent on these security concerns. However, an independent investigation conducted by Milk Sad has uncovered alarming risks. Milk Sad’s findings have identified over 6,500 wallet mnemonics that may be at risk due to insecure functions within the trezor-crypto library. This revelation directly links to the methods observed in previous instances of cryptocurrency theft, underscoring the seriousness of the identified flaw.
Simultaneously, the CVE database, supported by the US Department of Homeland Security, has initiated an inquiry into the Trust Wallet through Secbit Labs. This investigation has identified a vulnerability in the iOS version of Trust Wallet dating back to 2018, with a direct correlation to significant thefts recorded on July 12, 2023.
“An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses to steal funds from those wallets,” NIST wrote in its update.
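The weakness NIST describes comes down to wallet entropy being a pure function of a clock value. As an added illustration (not code from this article, Trust Wallet or trezor-crypto), the sketch below uses Python's `random.Random` as a stand-in for a time-seeded generator, with a constructed one-day window, to show how little entropy such a seed carries and how a wallet owner could audit their own entropy against that set.

```python
import math
import random
import secrets

# Constructed sample window: one day of Unix timestamps (2023-01-01 UTC).
WINDOW_START = 1672531200
WINDOW_END = WINDOW_START + 86_399


def weak_entropy(timestamp: int) -> bytes:
    """Stand-in for a time-seeded generator (assumption: NOT trezor-crypto's
    actual routine). The 128 bits returned are fully determined by the seed."""
    rng = random.Random(timestamp)
    return rng.getrandbits(128).to_bytes(16, "big")


def strong_entropy() -> bytes:
    """What a wallet should use: 128 bits from the OS CSPRNG."""
    return secrets.token_bytes(16)


def effective_bits(start: int, end: int) -> float:
    """Real entropy of a time-seeded value: log2 of the candidate seed count."""
    return math.log2(end - start + 1)


def audit_entropy(entropy: bytes, start: int = WINDOW_START,
                  end: int = WINDOW_END):
    """Return the timestamp that reproduces `entropy`, or None.
    A hit means the wallet's secret is derivable from the clock alone
    and funds should be moved to a freshly generated wallet."""
    for ts in range(start, end + 1):
        if weak_entropy(ts) == entropy:
            return ts
    return None


if __name__ == "__main__":
    bits = effective_bits(WINDOW_START, WINDOW_END)
    print(f"nominal entropy: 128 bits, effective: {bits:.1f} bits")
    flawed = weak_entropy(WINDOW_START + 12_345)  # constructed weak wallet
    print("weak wallet reproduced from timestamp:", audit_entropy(flawed))
    print("CSPRNG wallet reproduced:", audit_entropy(strong_entropy()))
```

A mnemonic is only an encoding of this entropy, so a 12-word phrase built on a time-seeded value is no stronger than the seed that produced it.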
In an unrelated development, the sentencing for Binance’s founder, Changpeng Zhao, initially scheduled for Feb. 23, has been postponed to April 30, according to reports. The reasons for this delay remain undisclosed, and Zhao’s legal representatives have refrained from providing any comments.
Trust Wallet Issues: Vulnerability And User Data Woes Plague Binance
The Trust Wallet vulnerability is just one of the numerous challenges currently facing Binance. Rumors have surfaced regarding a potential system leak and allegations concerning the availability of Binance user data on GitHub. Despite these speculations, Binance has vehemently denied any breaches, reassuring its community about the integrity and safety of its accounts.
NIST’s ongoing investigation is expected to conclude with the assignment of a base severity score, ranging from 0 to 10. This score is crucial in reflecting the potential risk the identified vulnerability poses to users and providing guidance on the seriousness of the security concern.
As these investigations unfold and challenges persist, users are strongly encouraged to maintain a heightened level of vigilance. Staying informed about the evolving situation, following guidance from relevant authorities and security experts, and implementing recommended security measures are essential in safeguarding cryptocurrency assets within this dynamic landscape.