Old Trust Wallet iOS vulnerability from 2018 may still affect some accounts
Trust Wallet accounts created between Feb. 5 and Aug. 21, 2018 on iOS devices may still be vulnerable to exploits, according to cybersecurity research firm SECBIT Labs.
An old vulnerability in the Trust Wallet iOS app may still affect individuals who created accounts with it — even if they no longer use Trust Wallet — according to a recent report from security researchers at SECBIT Labs. The vulnerability only existed from Feb. 5 through Aug. 21, 2018 and does not affect accounts created after that time period, the researchers stated. However, some users may be unaware that the vulnerability existed and may still be planning to use the exposed wallets.
The vulnerability was caused by two functions called by the Trust wallet in a Trezor library that were supposed to only be used for testing. Yet despite developer notes warning developers against their use, Trust Wallet accidentally included these functions in its iPhone wallet app, SECBIT claimed. This error allegedly allowed attackers to guess the private keys of some users and steal their funds. According to SECBIT, these accounts are still vulnerable even now.
This newly revealed vulnerability is allegedly separate and distinct from Trust Wallet’s browser extension flaw, which the Trezor team already acknowledged in April 2023.
In a Feb. 15 blog post responding to SECBIT’s claims, Trust Wallet stated that the vulnerability only affected a few thousand users, who were all notified and migrated to new wallets. Trust Wallet claimed that it patched the vulnerability in July 2018 and that its app is currently safe to use.
SECBIT finds vulnerability in Trust Wallet iOS app
The research team said it ran across the flaw while investigating a widespread attack on crypto wallets that occurred on July 12, 2023 that affected over 200 cryptocurrency accounts. Many of the accounts attacked had not been used for months or were stored on devices with no internet access, which should have made them extremely difficult to hack. In addition, the victims used many different wallet apps, with Trust Wallet and Klever Wallet being the most commonly used. This made the causes of the hack difficult to pinpoint, which piqued the curiosity of the researchers.
Upon further investigation, the researchers discovered that most of the victims’ addresses had first received funds between July and August 2018. However, their investigation came to a dead end shortly after this discovery, and they moved on to other research.
Then, on Aug. 7, 2023, the Distrust cybersecurity team announced that it had allegedly discovered a vulnerability in the Libbitcoin Explorer Bitcoin (BTC) app. Called “Milk Sad,” this Libbitcoin vulnerability allowed attackers to guess users’ private keys. After reading about this alleged flaw, the SECBIT team began to suspect that a similar flaw may have caused the July 12 attack.
The researchers reopened the investigation and began looking through versions of the Trust Wallet code published from July through August 2018. They discovered that the iOS versions of the app from this period used functions “random32()” and “random_buffer()” from Trezor’s crypto iOS library to generate mnemonic phrases.
These functions had developer notes warning against their use in production apps. For example, the notes for random32() stated, “The following code is not supposed to be used in a production environment. […] It’s only included to make the library testable. […] The message above tries to prevent any accidental use outside of the test environment.”
After investigating the code, the researchers allegedly discovered that it generated seed words that were not random enough to prevent them from being guessed by an attacker. This meant that any Trust Wallet account generated on an iOS device during this time was at risk of being drained, SECBIT claimed.
Related: US investigates Trust Wallet iOS app for vulnerability
In its report, SECBIT claimed to have generated a database of compromised addresses, which it then forwarded to the Trust Wallet team. It also claimed to have compared these addresses with the victims of the July 12 hack and found that 83% of the victims had wallets generated using the random32() and random_buffer() functions.
When Trust Wallet was confronted with this information, it allegedly told SECBIT it had already notified users privately in 2018. It also emphasized that the addresses had balances of zero and, therefore, could not be warned against losing funds. SECBIT alleged it urged Trust Wallet to publicly announce the vulnerability but that Trust Wallet did not comply. The firm says it published its findings only after Trust Wallet failed to make this public disclosure.
Despite its critical report, SECBIT pointed out that Trust Wallet is open-source, so some other wallet developer may have forked the code and caused its users to generate vulnerable addresses, or another wallet developer may have independently made the same mistake as Trust Wallet by using the Trezor crypto iOS library from this period to generate addresses. Researchers opined:
“Of course, the Trust Wallet may not be the only one who misused the trezor-crypto library. There may be many other unknown projects that have similar vulnerabilities. Someone could even blame the trezor-crypto library for quietly changing to an insecure default implementation, causing fatal flaws in projects that use it as an underlying dependency.”
According to SECBIT, Trezor updated its library on July 16, 2018, adding production-ready versions of the two functions. Even so, the vulnerability may still affect some users who created accounts in early 2018 but have never sent funds to them, the researchers claimed.
Trust Wallet’s response
Cointelegraph reached out to Trust Wallet for comment. In response, a representative pointed to the team’s Feb. 15 public statement about the issue. In this statement, the development team emphasized that the current version of Trust Wallet does not contain the vulnerability.
“We want to assure Trust Wallet users that their funds are safe and the wallets are safe to use,” the spokesperson stated. “Though there was a previous vulnerability in our open-source code in early 2018 affecting a few thousand users only,” they continued, “the vulnerability was quickly patched with the support of the security community — and affected users were notified and migrated into safe wallets.”
Trust Wallet pushed back against claims that it had not adequately informed users. “Trust Wallet’s founder took swift and proactive steps to inform all impacted users and provided them with a secure migration path,” said the spokesperson, “ensuring no user was left vulnerable.”
Trust Wallet also denied that most of the hacks were against accounts its app generated. Only “600 addresses out of the 2,000s hacked” were found in its user database, implying that most victims were not Trust Wallet users. Of these 600 users, some of them could have imported their addresses from another app, Trust Wallet claimed.
In contrast to SECBIT’s statement that 83% of the victim addresses were produced by the flawed code, Trust Wallet stated that “only one-third of them have the 2018 Trust Wallet historical vulnerability.” In its report, the team encouraged security researchers to make use of its bug bounty program and claimed that it is committed to keeping its wallet secure.
Related: Trust is the best strategy in crypto bear market — Trust Wallet CEO
In a July 12, 2023 report, the Klever wallet also confirmed that some of the victims of the attack had used its app. However, it claimed that all of the addresses had been imported and were not originally created by Klever.
Cointelegraph reached out to Trezor for comment. In response, the firm’s chief technology officer, Tomáš Sušánka, emphasized that the function at the core of the controversy was solely meant for testing and not for official project development use:
“[The function is] exactly as described in the source code, the function is not meant to be used in a production environment, and we provide explicit warnings of this. The function is replaced with a secure RNG on the Trezor itself. This function is meant solely for testing. We love open-source, but it is unrealistic to expect us to prevent any possible misuse of the many projects we have open-sourced. These projects are provided as is, without any warranties, as their licenses clearly depict.”
In SECBIT’s report, researchers warned iOS users with Trust Wallet accounts from this time period to migrate to new wallets and stop using the old ones. “It’s alarming that users may still use wallets created during the vulnerable period,” they stated. “Without awareness of the issue, they may face further loss of funds.”
Responses