U.S. NIST Flags Vulnerability for Binance Trust Wallet iOS App
A serious security vulnerability has been discovered in the iOS version of the Binance Trust Wallet. The flaw allowed attackers to generate wallet passwords and steal user funds, according to a notice in the U.S. National Institute of Standards and Technology’s (NIST) vulnerability database.
- Trust Wallet iOS app contained a flaw enabling password guesses for theft.
- Attackers were able to exploit a bug ‘in the wild’ during July 2023.
- Led to multiple cyber incidents, generating $4 million+ in losses last year.
The NIST database lists major cybersecurity weaknesses with the potential to cause significant financial or material damage. Researchers are still working to confirm the real-world impact of this iOS vulnerability.
Read more: Coinbase Surges Before Q4 Report Amid Bitcoin Rally
However, according to the description, the flaw enabled attackers to systematically generate wallet password phrases linked to specific wallet addresses. The bad actors could then access and steal funds from compromised accounts.
Trust Wallet iOS Bug Successfully Exploited in July
NIST says there is evidence this Trust Wallet iOS bug was successfully exploited in July 2023 to siphon money from victims’ accounts. Last year saw multiple Trust Wallet cyber incidents, resulting in over $4 million in losses to users.
“An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets,” NIST mentioned in the notice.
Read more: DEBT Box Fights SEC Bid To Exit Crypto Case
Binance acquired the multi-currency wallet app in 2018 but has since released its own proprietary cryptocurrency wallet. A spokesperson emphasized that Trust Wallet now “operates independently” as a separate legal entity.
While responsibility now primarily lies with Trust Wallet, the Binance brand still suffers due to the association, given its previous ties and endorsement of the wallet app.