The year 2024 has witnessed a surge in cryptocurrency activity, with notable gains observed in Bitcoin and various digital assets. However, amidst the excitement surrounding this growth, Binance, a key player in the cryptocurrency sphere, has come under scrutiny. Recent reports have surfaced indicating that a division of the United States Department of Commerce is investigating potential vulnerabilities within the Binance Trust Wallet app, raising concerns about the security of users’ funds.
NIST Flags Vulnerability
The National Institute of Standards and Technology (NIST), a U.S. agency dedicated to enabling innovation and cyber security, has identified a specific version of the Binance Trust Wallet app for misusing the trezor-crypto library. This misuse has the potential to generate mnemonic words that can only be verified at the entropy source, creating a vulnerability that attackers could exploit to steal assets from wallets. NIST further said,
“An attacker can systematically generate mnemonics for each timestamp within an applicable time frame, and link them to specific wallet addresses in order to steal funds from those wallets.”
The severity of this vulnerability has led to its inclusion in the Common Vulnerabilities and Exposures (CVE) database, which catalogs significant security issues with the potential to cause substantial harm or financial losses. Additionally, NIST is currently investigating to assess the real-world impact of the vulnerability and determine appropriate mitigation measures.
Also Read: Binance Coin (BNB) Price Prediction: Mid-February 2024
Past Cybersecurity Incidents
This latest development adds to a series of cybersecurity incidents that have affected Trust Wallet in the past. In 2023 alone, Trust Wallet experienced multiple breaches. This further resulted in losses exceeding $4 million. Acquired by Binance in 2018, Trust Wallet has been subject to scrutiny regarding its security practices.
Unsafe Functions in Open-Source Code
Furthermore, the investigation into the Trust Wallet app for iOS has revealed its use of open-source code for generating new cryptocurrency wallets, employing unsafe functions within the trezor-crypto library not intended for production environments. Allegations have surfaced linking these weak wallets to the Milk Sad thefts. This has further raised concerns about the security of funds within the Trust Wallet ecosystem.
Also Read: Binance Optimistic as Saudi Arabia Eyes Crypto Regulation in 2024