US authorities have discovered a potential vulnerability in the Binance Trust Wallet app for iOS
A mention of a vulnerability in the iOS version of the Binance Trust Wallet application appeared on the NIST website.
A record has appeared on the website of the National Institute of Standards and Technology (NIST) about a potential vulnerability in the Binance Trust Wallet application for iOS devices. Experts noted that it can pose a threat to wallet owners.
The non-profit structure Mitre Corporation is listed as the source that notified the agency about the vulnerability. The appeal is under consideration.
The note indicates that the Binance Trust Wallet application does not use the trezor-crypto library correctly. As a result, as experts noted, the only data field for generating mnemonic phrases is the device time.
This, in turn, produces a "loophole" through which an attacker can create mnemonics for each timestamp in a specified period by linking them to specific addresses, the record says.
Notably, at the end of January 2024, Milk Sad experts, with reference to SECBIT Labs, published a report detailing this vulnerability. They also linked her to the July 2023 break-ins.
Because of this glitch, the application uses a "weak" pseudorandom number generator (RNG) with a 31-bit initial state, experts explained. This greatly simplifies hacking, they say.
