Binance Trust Wallet iOS App Vulnerability Listed on NIST, CEO Pushes Back Against Misinformation

cryptonews.com:

An alleged vulnerability affecting the iOS version of Binance Trust Wallet was listed on the National Institute of Standards and Technology’s (NIST) vulnerability database. Trust Wallet’s CEO denied the allegations on February 15, assuring the security of Binance Trust Wallet users.

Originally published on February 8, the notice claims that an unwarranted party “exploited” the vulnerability in July 2023, “leading to economic losses.”

“An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets,” the notice read.

Despite the investigation appearing public on NIST’s website, Trust Wallet posted to their X account that users of the iOS app have not been affected by the vulnerability since July 2018.

Hey Trust Wallet fam,

We’d like to address some articles that have recently been published by some prominent Crypto media outlets, regarding the security of Trust Wallet.

For clarity on two main points: users assets are #SAFU and we are NOT being investigated by the US…

— Trust Wallet (@TrustWallet) February 15, 2024

“In 2018, besides fixing the code, our founder informed all affected users (Yes we were small enough to know all users at that time) and offered a migration path,” he explained.

“Besides fixing the code itself, Trust Wallet’s founder took swift and proactive steps to inform all impacted users and provided them with a secure migration path, ensuring no user was left vulnerable,” a blog post on the company’s website reads. “The identified vulnerable wallet addresses in the Trust Wallet database are also found to not have balances anymore.”

“For clarity on two main points: users assets are #SAFU and we