The Trust Wallet, a cryptocurrency storage application by leading exchange Binance, is currently being investigated by the National Institute of Standards and Technology (NIST) of the US Department of Commerce for a serious security deficiency. This flaw may allow cybercriminals to access and steal users’ funds. As NIST probes this vulnerability, Trust Wallet users are urged to exercise increased vigilance.
Concerns Over Mnemonic Words Generation in Trust Wallet
NIST has pinpointed concerns regarding the misuse of the trezor-crypto library in the Trust Wallet application’s iOS version, which is used to produce mnemonic words essential for the security of crypto wallets. It has been identified that verification of these words is only possible at the entropy source, which is a potential security risk.
Drawing attention to a similar security breach that led to substantial financial damages in July 2023, NIST cautions that hackers could methodically create mnemonics for certain wallet addresses, potentially enabling the unauthorized withdrawal of funds. The security issue came to light on February 8, with further investigations ongoing to assess the extent of the threat.
SECBIT Labs, associated with the CVE program under the US Department of Homeland Security, is also reviewing the Trust Wallet following several reports of compromised Ethereum wallets. Researchers have linked an outdated security loophole in the Trust Wallet’s iOS iteration to a significant hacking event on July 12, 2023.
Risk Assessment Reveals Thousands of Vulnerable Wallets
An extensive analysis by security expert Milk Sad uncovered around 6,572 unique wallet addresses susceptible to theft due to the application’s use of insecure open-source code. Sad affirmed the existence of these vulnerable wallets, which may have been exploited in past hacking incidents.
NIST will assign a severity score to the Trust Wallet application once the investigation concludes. Meanwhile, Trust Wallet users, particularly those on iOS, are encouraged to stay informed about the emerging security risks.