The National Institute of Standards and Technology (NIST) has posted a post about a potential vulnerability in the Binance Trust Wallet app for iOS devices. Experts noted that it could pose a threat to wallet owners.
The source that notified the agency about the vulnerability is the non-profit Miter Corporation. The appeal is currently under consideration.
The note states that the Binance Trust Wallet app is not using the trezor-crypto library correctly. As a result, as experts noted, the only data field for generating mnemonic phrases is the device time.
This, in turn, creates a backdoor through which an attacker can create mnemonics for each timestamp in a specified period, associating them with specific addresses, the entry says.
Notably, at the end of January 2024, Milk Sad experts, citing SECBIT Labs, published a report detailing this vulnerability. They also linked her to the July 2023 hacks.
Because of this glitch, the application uses a “weak” pseudo-random number generator (PRNG) with a 31-bit initial state, experts explained. This makes hacking much easier, they say.