The US National Institute of Standards and Technology is currently investigating the Trust Wallet iOS app, which is owned by Binance, for vulnerabilities.
The description of the wallet software states that it is not correctly using the trezor-crypto library, leading to the device time being the only source of entropy for generating mnemonic phrases.
This bug creates a potential opening for Trust Wallet exploits, allowing attackers to systematically create mnemonics for each timestamp and associate them with specific addresses in order to steal funds.
The app was submitted by non-profit organization MITER Corporation and is currently awaiting review. It includes links to vulnerability studies conducted by specialists from the Milk Sad and SECBIT Labs projects, which were published in January.
According to these experts, there are at least 6,500 at-risk wallets. In just three major incidents in July 2023, the exploits implemented led to the loss of nearly 33 BTC.
Binance acquired Trust Wallet in the summer of 2018, initially focused on Ethereum assets but later adding support for Bitcoin.
