Jannat Ara

NIST Investigates Security Vulnerability in Binance Trust Wallet’s iOS App

Overview: The National Institute of Standards and Technology (NIST), under the U.S. Department of Commerce, is examining a security vulnerability within the iOS version of Binance Trust Wallet. This flaw could potentially lead to unauthorized access and fund diversion from users’ cryptocurrency wallets.

Nature of Vulnerability: The investigation focuses on the improper use of the trezor-crypto library in generating mnemonic words, which are essential for securing user funds. The vulnerability, reminiscent of a previous incident in July 2023, may allow attackers to manipulate mnemonic generation so that the resulting mnemonics are linked to specific wallet addresses, enabling unauthorized fund withdrawals.

Current Efforts: NIST’s examination, initiated on Feb. 8, aims to meticulously assess the vulnerability’s practical implications and the extent of its impact. Additionally, the CVE database, supported by the U.S. Department of Homeland Security, is conducting an inquiry into Trust Wallet through Secbit Labs, following unauthorized access to Ether wallets.

Risk Assessment: An independent investigation has identified over 6,500 wallet mnemonics at potential risk due to insecure functions within the trezor-crypto library. This exposure aligns with methods employed in previous theft incidents, highlighting the severity of the flaw.

Outcome and Severity Score: NIST’s investigation will conclude with the assignment of a base severity score, indicating the vulnerability’s risk level to users. This assessment will assist users in understanding the gravity of the security flaw and taking appropriate precautions.

Other Challenges for Binance: Apart from the Trust Wallet vulnerability, Binance is addressing rumors of a system leak following allegations on X regarding user data availability on GitHub. Binance has vehemently denied any breaches and assured the community of its accounts’ integrity and safety.

Founder’s Sentencing Delay: Furthermore, the sentencing for Binance’s founder, Changpeng Zhao, scheduled for Feb. 23, has been postponed to April 30, as reported by CNBC. The reasons for this delay remain undisclosed, with Zhao’s lawyer declining to comment.

Powered by Crypto Expert BD
