Last night, the cryptocurrency wallet provider Trust Wallet warned the entire crypto community by revealing shocking details about a potential fraud that would exploit a vulnerability in the iMessage function of iOS devices.
On the dark web there is evidence of a hacker who would be selling personal information of a user, extracted from an iPhone through iMessage, for 2 million euros.
In the midst of the general turmoil, there have been criticisms from some computer experts who claim the spread of unverified news by Trust Wallet.
Let’s see all the details below.
Trust Wallet and the alert for an alleged digital fraud exploiting a vulnerability in the iMessage function for iOS devices
Trust Wallet, one of the main providers of solutions for self-custody of cryptocurrencies, yesterday evening launched an alarm that shocked the entire community.
According to alleged “credible information”, the company has announced through a tweet on X that on all devices iOS, more precisely within the iMessage section, there is a vulnerability that could allow hackers to take control of the iPhone.
1/2:
Alert for iOS users: We have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web.
This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk. #CyberSecurity
— Trust Wallet (@TrustWallet) April 15, 2024
The most worrying thing about this warning is that, according to what Trust Wallet has reconstructed, there wouldn’t even be a need for user interaction (click on malicious link, malware, etc.) to compromise the device.
The company has emphasized how data from “zero-day” exploits, which exploit a security vulnerability in the software, hardware, or firmware of a computer, are currently being sold on the dark web for 2 million euros, targeting high-end accounts as victims.
Trust Wallet suggests anyone with an iOS phone to disable the “toggle iMessage” function, going through the device settings in the “messages” section.
Even Eowyn Chen, CEO of the same company producing cryptographic wallets, emphasized the seriousness of the situation by showing a screenshot of the ransom requested by a hacker on the dark web for information extracted in this kind of exploit.
Threat intel detected an iOS iMessage zero-day exploit for sale in the Dark Web. It is a zero click exploit to take over control of the phone via iMessages. Its asking price is $2M. This would make sense for very high value individual targets, as more the zero-day is used,… https://t.co/KTKgW6uCuv pic.twitter.com/6ULRgVSxjc
— Eowync.eth (@EowynChen) April 15, 2024
According to some security researchers at Kaspersky, Apple’s iMessage application has been used for other cyber attacks in the past.
Now, if the vulnerability is confirmed by the same tech giant, a software update will probably be released to “fix” the problem.
According to the latest estimates, about 280 decentralized networks are currently at risk, with a total capital amounting to 25 billion dollars.
More details on the issue: the company responds after being accused of spreading fake news
The alarm launched by Trust Wallet regarding the alleged “zero-day” exploit that exploits iMessage to target iOS users has received such great media attention that it has fueled the intervention of industry computer experts.
The threat identified by the non-custodial wallet provider has not been welcomed with confidence by several users who have criticized the alleged “reliability” and “truthfulness” of the information disseminated.
In particular, the user “Beau“, who is in charge of security for the NFT project “Pudgy Penguins“, stated that a screenshot of a boy claiming to have an exploit is not a reliable proof of a vulnerability in progress, and that in case of concern the company should have first contacted Apple before spreading unreliable information.
The Trust Wallet post, which received 1.2 million views in four hours on X, according to Beau could bring FUD and unjustified panic within the crypto sector.
Obviously, the CEO of the company did not fail to respond, stating that sometimes it is “better to prevent than to cure.”
This is Trust Wallet’s “Intel” of an iOS exploit.
They have a screenshot of a guy claiming to have an exploit. Criminals post stuff like this daily on forums. Often it’s meant to scam other hackers.
Completely irresponsible to make the claim they did with this info. https://t.co/FqzOAE4aQt
— Beau (@beausecurity) April 15, 2024
Amidst the community debate, another skeptical comment has also come from the cryptographic analyst “Foobar”, who criticized the origin of the “sources“.
Trust Wallet just a few hours after the incident, then published another post in which it tried to explain where the information about the alleged exploit came from, citing a reliable partner team and researchers dedicated to cybersecurity topics.
Reiterating its commitment to protecting the crypto community from any kind of threat, the company stated that:
“Your security is fundamental and we will continue to share risks like this with our users and with the wider cryptographic community.”
The wallet provider then clarified that she is not opposed to Apple products and supports the convenient “iMessage” service, but in delicate situations like these it is better to deactivate the toggle in the settings and limit communication to exchanging messages via SMS or other messaging services.
Due to this post getting a lot of views & comments, we thought we’d elaborate further for the community:
How did we come by this intel?
Trust Wallet is constantly monitoring multiple avenues for any and all security threats to our users, alongside security partners &… https://t.co/Z7vFtMENIp— Trust Wallet (@TrustWallet) April 15, 2024