The use of Trezor technology might be creating issues for the cryptocurrency wallet app
A US Department of Commerce agency is examining an old version of the “Binance Trust Wallet app” for a weakness that could let attackers swipe customer funds from their crypto wallets. In particular, iOS devices may be at risk.
The National Institute of Standards and Technology (NIST), which is charged with promoting US industrial competitiveness and innovation, has found that a specific Trust Wallet app version “misuses the trezor-crypto library” to develop mnemonic words that only the entropy source can verify.
An entropy source is the origin of the data from which that information is generated. NIST reported that attackers exploited a similar exposure in July 2023, which led to financial losses. The report states:
“An attacker can systematically generate mnemonics for each timestamp within an applicable time frame, and link them to specific wallet addresses in order to steal funds from those wallets.”
According to the CVE program, supported by the US Department of Homeland Security, Secbit Labs started investigating the Trust Wallet app for iOS after multiple Ether wallets were compromised. Researchers found a weakness in an older generation wallet in the Trust Wallet iOS platform in 2018 and tied it to the extensive thefts on July 12, 2023.
Milk Sad conducted an independent study that discovered at least 6,572 unique wallet mnemonics were at risk. It also found that the Trust Wallet app for iOS used open-source code for opening new crypto wallets that called dangerous functions in the “trezor-crypto library” that weren’t developed for production. After the weak wallets were confirmed, it was believed they were related to the Milk Sad thefts.
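The weakness the quoted report describes, shown as an added example that is not code from NIST, Trust Wallet or trezor-crypto: a secret derived only from the clock can be reproduced from the clock, while one drawn from the operating system's random source cannot. Python's `random.Random` stands in for the affected generator, and the function names and the timestamp window are constructed for illustration.

```python
import math
import random
import secrets

ENTROPY_BYTES = 16            # 128 bits, the entropy behind a 12-word BIP-39 mnemonic
WINDOW_START = 1_531_353_600  # constructed sample window: one day of Unix timestamps
WINDOW_END = WINDOW_START + 86_400


def weak_entropy(timestamp: int) -> bytes:
    """Vulnerable pattern: a deterministic PRNG seeded only with the clock.
    random.Random is a stand-in, not the generator used by the affected app."""
    rng = random.Random(timestamp)
    return bytes(rng.getrandbits(8) for _ in range(ENTROPY_BYTES))


def strong_entropy() -> bytes:
    """Hardened pattern: entropy drawn from the operating system CSPRNG."""
    return secrets.token_bytes(ENTROPY_BYTES)


def audit_entropy(entropy: bytes, start: int, end: int):
    """Return the timestamp in [start, end) that reproduces `entropy`, or None.
    A match means the secret has no protection beyond its creation time, so the
    owner should move funds to a wallet generated from a proper random source."""
    for ts in range(start, end):
        if weak_entropy(ts) == entropy:
            return ts
    return None


def effective_bits(start: int, end: int) -> float:
    """Upper bound on the real entropy of a clock-seeded secret created in the window."""
    return math.log2(end - start)


if __name__ == "__main__":
    created_at = WINDOW_START + 4_321  # constructed creation time
    weak = weak_entropy(created_at)
    print("weak secret reproduced from timestamp:",
          audit_entropy(weak, WINDOW_START, WINDOW_END))
    print("CSPRNG secret reproduced from timestamp:",
          audit_entropy(strong_entropy(), WINDOW_START, WINDOW_END))
    print(f"nominal bits: {ENTROPY_BYTES * 8}, "
          f"effective bits for a one-day window: {effective_bits(WINDOW_START, WINDOW_END):.1f}")
```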
After its investigation, NIST will assign the app’s vulnerability a base score ranging from 0 to 10, depending on the severity of the issue.