Binance · Binance Trust Wallet · CVE-2024-23660
**Name of the Vulnerable Software and Affected Versions**
Binance Trust Wallet app for iOS version 0.0.4
**Description**
The Binance Trust Wallet app for iOS misuses the trezor-crypto library, generating mnemonic words that use the device time as the only entropy source. This has led to economic losses, as the issue has been exploited in the wild. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe and link them to specific wallet addresses to steal funds.
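The following is an added illustration, not code from Trust Wallet or trezor-crypto. It shows why a clock-derived seed undermines a nominally 128-bit mnemonic, beside the usual alternative of drawing every byte from the OS CSPRNG. The function names and the LCG are constructed for the example, and `/dev/urandom` stands in for the platform CSPRNG.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTROPY_LEN 16 /* 128 bits, the entropy behind a 12-word mnemonic */

/* Weak pattern (constructed): every output byte is a function of the clock. */
void weak_entropy(uint32_t unix_time, uint8_t out[ENTROPY_LEN]) {
    uint32_t state = unix_time; /* the timestamp is the only "secret" */
    for (int i = 0; i < ENTROPY_LEN; i++) {
        state = state * 1664525u + 1013904223u; /* toy LCG, assumed stand-in for a seeded PRNG */
        out[i] = (uint8_t)(state >> 24);
    }
}

/* Hardened pattern: all bytes come from the OS CSPRNG; fail closed on error.
 * On iOS the equivalent source is SecRandomCopyBytes. */
int strong_entropy(uint8_t out[ENTROPY_LEN]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out, 1, ENTROPY_LEN, f);
    fclose(f);
    return n == ENTROPY_LEN ? 0 : -1;
}

/* Bits needed to index every second-resolution seed in a time window:
 * this, not 128, is the real strength of a clock-seeded mnemonic. */
unsigned seed_space_bits(uint64_t window_seconds) {
    unsigned bits = 0;
    while (bits < 63 && (1ULL << bits) < window_seconds) bits++;
    return bits;
}

int main(void) {
    uint8_t a[ENTROPY_LEN], b[ENTROPY_LEN], c[ENTROPY_LEN], d[ENTROPY_LEN];
    weak_entropy(1700000000u, a); /* constructed sample timestamp */
    weak_entropy(1700000000u, b);
    printf("same timestamp gives same entropy: %s\n",
           memcmp(a, b, ENTROPY_LEN) == 0 ? "yes" : "no");
    printf("seed space for a one-year window: %u bits (nominal 128)\n",
           seed_space_bits(365ULL * 24 * 3600));
    if (strong_entropy(c) == 0 && strong_entropy(d) == 0)
        printf("two CSPRNG draws equal: %s\n",
               memcmp(c, d, ENTROPY_LEN) == 0 ? "yes" : "no");
    return 0;
}
```

A code review or audit can use the same test: if the entropy buffer handed to the mnemonic generator is reproducible from the device time, the wallet's strength is the size of the time window, not the mnemonic length.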
**Recommendations**
To prevent the generation of predictable mnemonic words in version 0.0.4, consider disabling the use of the trezor-crypto library until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.