U.S. Cyber Authorities Investigate 'Binance Trust Wallet' iOS App for Vulnerabilities

The wallet has been the victim of multiple cyber attacks during 2023.

AccessTimeIconFeb 15, 2024 at 10:16 a.m. UTC
Updated Mar 9, 2024 at 2:15 a.m. UTC
  • U.S. cyber authorities are investigating a possible vulnerability in the Binance Trust Wallet iOS app.
  • The vulnerability would allow attackers to steal money by guessing security words known as mnemonics.

A potential vulnerability for the iOS version of "Binance Trust Wallet" has been listed by the National Institute of Standards and Technology (NIST), a U.S. agency that sets best practices and standards for technology and cyber security.

The vulnerability was added to the CVE database, which lists serious issues that could have, or have already, caused material damage or losses, on Feb. 8. It is being investigated by NIST to determine the real-world severity of the vulnerability.

The flaw has already been exploited in the wild, according to the database entry. In July 2023, it allowed attackers to guess security words and steal money from digital wallets because of the way it used the trezor-crypto library.

"An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets," NIST wrote in its update.

Trust Wallet suffered multiple cyber incidents in 2023, generating over $4 million in losses. The wallet was acquired by Binance in 2018. Binance has since released its own Web3 wallet.

"Trust Wallet is now a separate legal entity that is not part of the Binance group and operates independently from Binance.com," a Binance spokesperson said in an email.

Trust Wallet's X (formerly Twitter) profile has not posted about the vulnerability.

UPDATE (Feb. 15, 10:54 UTC): Adds Binance statement in penultimate paragraph.

Edited by Sheldon Reback.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.