Cyber Resilience

CVE-2024-23660

Severity: High · Public PoC

Published: 08 February 2024
Modified: 15 May 2025
KEV Added: (not listed)
Patch: (none recorded)
CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 0.0019 (40.9th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-23660 is a high-severity weak-PRNG vulnerability (CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator) in Binance Trust Wallet. Its CVSS base score is 7.5 (High).

Operationally, it is ranked at the 40.9th percentile by exploit likelihood (EPSS, below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Vulnerability details

The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4, misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.
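As an added illustration (not code from this page, from Trust Wallet, or from trezor-crypto), the Python below contrasts a constructed model of the weakness, where the device clock in whole seconds is the only input to a non-cryptographic PRNG, with the hardened form that draws entropy from the OS CSPRNG, and encodes either into BIP39 word indices. The exact derivation used in the affected build is not described on this page and is an assumption here; the point shown is that the weak output is a pure function of the timestamp, so its candidate space is bounded by the time window rather than by the 128-bit output size.

```python
import hashlib
import math
import random
import secrets

ENTROPY_BYTES = 16  # 128 bits of entropy -> 12-word BIP39 mnemonic


def weak_entropy_from_time(device_time: int) -> bytes:
    """Constructed model of the flaw (NOT the actual trezor-crypto misuse):
    the device clock is the only input, so identical timestamps yield
    identical 'entropy', and a one-second clock gives one candidate per second."""
    rng = random.Random(device_time)  # Mersenne Twister, seeded by time only
    return rng.getrandbits(ENTROPY_BYTES * 8).to_bytes(ENTROPY_BYTES, "big")


def strong_entropy() -> bytes:
    """Hardened form: entropy from the OS CSPRNG, independent of the clock."""
    return secrets.token_bytes(ENTROPY_BYTES)


def bip39_word_indices(entropy: bytes) -> list[int]:
    """BIP39 encoding: append the first ENT/32 bits of SHA-256(entropy) as a
    checksum, then split into 11-bit groups; each group indexes the 2048-word list.
    (Only indices are returned so the example runs without the wordlist file.)"""
    ent_bits = len(entropy) * 8
    checksum_bits = ent_bits // 32
    digest = hashlib.sha256(entropy).digest()
    bits = int.from_bytes(entropy, "big") << checksum_bits
    bits |= int.from_bytes(digest, "big") >> (256 - checksum_bits)
    total = ent_bits + checksum_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def effective_entropy_bits(window_seconds: int) -> float:
    """Search space of the weak generator over a known time window, in bits.
    A one-month window is about 21 bits, against the 128 bits the output implies."""
    return math.log2(window_seconds)


if __name__ == "__main__":
    ts = 1688169600  # constructed sample timestamp (1 July 2023 00:00 UTC)
    print("weak, same second twice:",
          weak_entropy_from_time(ts) == weak_entropy_from_time(ts))
    print("weak words:", bip39_word_indices(weak_entropy_from_time(ts)))
    print("strong words:", bip39_word_indices(strong_entropy()))
    print("bits over one month: %.1f" % effective_entropy_bits(31 * 24 * 3600))
```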

CWE(s)

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: binance
Product: trust wallet
Version: 0.0.4

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Security associations share details on cryptographically weak PRNGs, helping avoid their implementation in security-critical functions. (addresses: CWE-338)

- Cryptographic key management standards require cryptographically strong PRNGs for key material, blocking use of weak generators. (addresses: CWE-338)
