Popular crypto wallet provider Trust Wallet disclosed on April 15 that it received “credible intel” about a high-risk zero-day exploit being sold on the Dark Web to target iOS users.
According to the software developer, this flaw could allow hackers to gain unauthorized access to users’ personal data.
Trust Wallet Reports Personal Information Sale on Dark Web
Trust Wallet shared its discovery in an X post, explaining the dangers of the zero-day exploit targeted at iMessage.
1/2: ⚠️ Alert for iOS users: We have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web.
This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk. #CyberSecurity
— Trust Wallet (@TrustWallet) April 15, 2024
A zero-day exploit is a cyber attack that takes advantage of a previously unknown vulnerability in software. These exploits can go undetected for an extended period and are used to gain unauthorized access to systems and steal data. As detailed in the X post, iOS users and the entire crypto ecosystem could be at risk.
Trust Wallet CEO Eowyn Chen also shared a screenshot on X that reportedly depicts a zero-day exploit for sale on the Dark Web for $2 million.
Neither the crypto wallet provider nor its CEO disclosed where this information came from or if there were any casualties, however.
Due to this post getting a lot of views & comments, we thought we'd elaborate further for the community:
How did we come by this intel?
Trust Wallet is constantly monitoring multiple avenues for any and all security threats to our users, alongside security partners &… https://t.co/Z7vFtMENIp— Trust Wallet (@TrustWallet) April 15, 2024
To address the issue, Trust Wallet advised users to disable iPhone iMessage until Apple fixes the gap.
Despite Trust Wallet’s assertion, some industry experts expressed skepticism about the source’s credibility.
Pseudonymous blockchain researcher Beau questioned the authenticity of the evidence, suggesting that it only showed a claim of having an exploit rather than concrete proof.
If this is your “credible intel” it’s embarrassing. You don’t have evidence of a iOS exploit you have a screenshot of a guy claiming to have an exploit. Huge difference
— Beau (@beausecurity) April 15, 2024
Trust Wallet clarified that the intel came from its “security team and partners” who were responsible for ongoing threat monitoring.
Apple’s Crypto Criticism Continues
Trust Wallet’s security alert follows a series of threats discovered on the Apple App Store.
Fake versions of Rabby Wallet and the Unisat Wallet were uncovered in the store, although the duration of their availability in the store remains unknown.
In addition, the National Institute of Standards and Technology (NIST) identified a vulnerability in the iOS version of the Binance Trust Wallet application in February. They warned that the vulnerability could allow bad actors to access and divert funds from users’ cryptocurrency wallets.
As a precaution, industry figures like Errata Security CEO Robert Graham advised users with large crypto holdings to transfer their assets away from iOS devices.