Trust Wallet counters investigation rumors and vulnerability concerns News โธ US โธ Binance โธ Technology
Trust Wallet counters investigation rumors and vulnerability concerns
Trust wallet said it had addressed the vulnerability issue promptly in 2018 upon discovery.
2 min read
Updated: Feb. 15, 2024 at 5:17 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Trust Wallet has denied reports that it is under investigation by the US government or its agencies, according to a Feb. 15 statement.
‘Binance Trust Wallet’ vulnerability
Earlier today, multiple reports indicated that the National Institute of Standards and Technology (NIST), a US agency responsible for setting technology and cybersecurity standards, is investigating a potential vulnerability in the iOS version of “Binance Trust Wallet.”
Binance told CryptoSlate that Trust Wallet now operates as a separate legal entity and is not part of the Binance group.
The vulnerability, listed in the CVE database on Feb. 8, alleged that a particular version of the Trust Wallet app improperly utilizes the trezor-crypto library to create mnemonic words that can only be authenticated at the entropy source.
According to NIST, this flaw has already been exploited in the wild, resulting in financial losses. The agency stated:
“An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.”
Trust wallet debunks report
In its rebuttal, Trust Wallet claimed that NIST operates a non-profit platform and database that allows the public to submit information for review and include it in the CVE database.
“The information highlighted in the news articles did not come from an official government-led investigation. Instead, the information was provided through a submission to a publicly accessible, open database, where independent representatives can submit vulnerability reports,” Trust Wallet added.
Regarding the identified vulnerability, Trust Wallet said it had addressed the issue promptly in July 2018 upon discovery. The firm stated that the vulnerability affected a limited subset of 10,000 downloads, and proactive measures were taken to safeguard users from potential risks.
In addition, the firm further disputed its implication in the July 2023 exploit. Trust Wallet asserted the affected wallets were not exclusive to its platform and likely stemmed from various sources.
According to the firm, only 600 out of over 2,000 addresses were traceable in its system, while only a third exhibited the 2018 vulnerability.
“We have high confidence that the 2018 Trust Wallet vulnerability was not the origin of the July 2023 security breach,” it concluded.
Mentioned in this article
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
Editor Editor 
Liam 'Akiba' Wright
Also known as "Akiba," Liam is a reporter, editor and podcast producer at CryptoSlate. He believes that decentralized technology has the potential to make widespread positive change.
Latest US Stories
In this article
Trust Wallet Token (TWT) is the official token of Trust Wallet, a user-friendly and versatile mobile cryptocurrency wallet that supports a wide range of assets across various blockchains.
Binance
Binance is a global cryptocurrency exchange that provides a platform for trading more than 100 cryptocurrencies.
Trust (Binance’s official wallet) is a mobile wallet that supports Ethereum and ERC20, ERC223 tokens.