An alleged vulnerability affecting the iOS version of Binance Trust Wallet was listed on the National Institute of Standards and Technology’s (NIST) vulnerability database. Trust Wallet’s CEO denied the allegations on February 15, assuring the security of Binance Trust Wallet users.
Vulnerability Claims and Trust Wallet’s Response
Originally published on February 8, the notice claims that an unwarranted party “exploited” the vulnerability in July 2023, “leading to economic losses.”
“An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets,” the notice read.
Despite the investigation appearing public on NIST’s website, Trust Wallet posted to their X account that users of the iOS app have not been affected by the vulnerability since July 2018.
Hey Trust Wallet fam,
We’d like to address some articles that have recently been published by some prominent Crypto media outlets, regarding the security of Trust Wallet.
For clarity on two main points: users assets are #SAFU and we are NOT being investigated by the US…
— Trust Wallet (@TrustWallet) February 15, 2024
“In 2018, besides fixing the code, our founder informed all affected users (Yes we were small enough to know all users at that time) and offered a migration path,” he explained.
“Besides fixing the code itself, Trust Wallet’s founder took swift and proactive steps to inform all impacted users and provided them with a secure migration path, ensuring no user was left vulnerable,” a blog post on the company’s website reads. “The identified vulnerable wallet addresses in the Trust Wallet database are also found to not have balances anymore.”
“For clarity on two main points: users assets are #SAFU and we are NOT being investigated by the US government,” the post stated.
Are Trust Wallet Users Safe?
Media dissemination of the NIST notice comes after Trust Wallet experienced a number of headline-grabbing events in the last year.
In one instance, a Trust Wallet user took to X in February 2023 to post that he was the victim of a scheme that cost him $4 million. Trust Wallet later tweeted to confirm that the user was the target of a complicated social engineering scheme devised by an organized crime unit in Rome, Italy, while assuring users that their apps were safe to use.
“Trust Wallet mobile apps and extension are security audited and pen-tested by our internal security team as well as external 3rd party security auditors too,” the company posted to X at the time. “Rest assured if you use Trust Wallet your assets are safe but it is important to remain vigilant.”
Trust Wallet CEO Asserts “Strategic Partnership” With Binance
Binance originally acquired the self-custody wallet in July 2018 through cash, BNB tokens, and the company’s stock. The crypto exchange then launched its own Web3 wallet in November 2023, causing a major decline in the Trust Wallet’s native token, TWT.
Trust Wallet CEO Eowyn Chen posted on X Thursday to clarify that despite reports, Trust Wallet is “separate from Binance” but is “in a strategic partnership.”
At the time of publication, Trust Wallet and Binance were not immediately available regarding cryptonews.com’s request for comment.