CVE-2024-23660

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 202...

PT-2024-20010 · Trezor +1 · Trezor-Crypto +1

Name of the Vulnerable Software and Affected Versions: Binance Trust Wallet app for iOS version 0.0.4 Description: The Binance Trust Wallet app for iOS misuses the trezor-crypto library, generating mnemonic words that use the device time as the only entropy source. This has led to economic losses...