- The NIST website mentioned a vulnerability in the iOS version of the Binance Trust Wallet app.
- Experts claim that the program uses a “weak” PRNG, which makes it easier to hack wallets.
- The appeal is under review.
The National Institute of Standards and Technology (NIST) website posted a note about a potential vulnerability in the Binance Trust Wallet app for iOS devices. Experts noted that it could pose a threat to wallet owners.
As the source that notified the agency about the vulnerability, the non-profit Mitre Corporation is indicated. The appeal is under review.
The notice states that the Binance Trust Wallet app incorrectly uses the trezor-crypto library. As a result, the experts noted, the only data field for generating mnemonic phrases is the device’s time.
This, in turn, produces a “loophole” through which an attacker can create mnemonics for each timestamp in a specified period, linking them to specific addresses, the post said.
Notably, in late January 2024, Milk Sad experts, citing SECBIT Labs, published a report detailing this vulnerability. They also linked it to the July 2023 hacks.
Because of this glitch, the application uses a “weak” pseudo-random number generator (PRNG) with a 31-bit initial state, the experts explained. This makes it much easier to hack, they believe.
Incrypted requested comments from Trust Wallet and Binance, but did not receive a prompt response. We will update the news when and if we receive information.
Earlier, we reported that Bitcoin-NFT was listed in the US National Vulnerability Database. Before that, Bitcoin Core team member Luke Daszhr said that the “inscriptions” exploit a vulnerability in the blockchain.
