Taurus CSO and Co-Founder Jean-Philippe Aumasson revealed that the popular crypto wallet TronLink uses a weak form of encryption.
The TronLink wallet is a decentralized wallet that offers local storage of private keys, physical insulation, and multi-layer algorithm encryption to ensure data security.
Despite this, Aumasson claims that TronLink’s mnemonics are poorly encrypted because the wallet uses AES in ECB mode. The mnemonic is a list of 12 words that can be used as a private key, which controls access to the user’s crypto wallet transactions, and this encryption is what is meant to protect it cryptographically. However, ECB mode fails to protect encrypted data: identical plaintext blocks always encrypt to identical ciphertext blocks, so patterns in the data remain visible.
Aumasson pointed out this flaw:
with a key that is just SHA256(password): https://t.co/6WyrIq2p2P
that’s all I found after 20min of auditing
— JP Aumasson (@veorq) September 28, 2020
ECB has been criticized by many security analysts as a weak mode of encryption. Among them is cybersecurity firm NotSoSecure, which described ECB as “a popular encryption mode, but at the same time, quite weak.”
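The following Node.js sketch is an added example, not TronLink's code: it puts the scheme described in the tweet (AES-ECB keyed with SHA256(password)) beside one hardened alternative, and counts repeated ciphertext blocks to make the ECB leak visible. The function names, the sample password and mnemonic, and the choice of scrypt with AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration, not TronLink's code. Password and mnemonic are constructed samples.
const nodeCrypto = require('node:crypto');

const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }; // assumed cost settings

// Scheme as described in the tweet: key = SHA256(password), AES in ECB mode.
// No salt, no IV, no integrity tag: the same inputs always give the same ciphertext.
function weakEncrypt(password, mnemonic) {
  const key = nodeCrypto.createHash('sha256').update(password).digest();
  const c = nodeCrypto.createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([c.update(mnemonic, 'utf8'), c.final()]);
}

// One hardened alternative (assumption): salted scrypt key + AES-256-GCM with a random nonce.
function strongEncrypt(password, mnemonic) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(password, salt, 32, SCRYPT);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(mnemonic, 'utf8'), c.final()]);
  return { salt, nonce, ct, tag: c.getAuthTag() };
}

function strongDecrypt(password, { salt, nonce, ct, tag }) {
  const key = nodeCrypto.scryptSync(password, salt, 32, SCRYPT);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  d.setAuthTag(tag); // final() throws if the ciphertext or tag was modified
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// Highest number of times any single 16-byte block occurs in a ciphertext.
function maxBlockRepeats(ct) {
  const counts = new Map();
  for (let i = 0; i + 16 <= ct.length; i += 16) {
    const block = ct.subarray(i, i + 16).toString('hex');
    counts.set(block, (counts.get(block) || 0) + 1);
  }
  return Math.max(0, ...counts.values());
}

// Sample input: "abandon " is 8 bytes, so the first five 16-byte blocks are identical.
const PASSWORD = 'correct horse battery staple';
const MNEMONIC = 'abandon '.repeat(11) + 'about';

console.log('ECB max block repeats:', maxBlockRepeats(weakEncrypt(PASSWORD, MNEMONIC)));
console.log('GCM max block repeats:', maxBlockRepeats(strongEncrypt(PASSWORD, MNEMONIC).ct));
```

The unsalted single SHA-256 also means the same password always yields the same key, while the salted scrypt derivation produces a different key per stored wallet and makes each password guess deliberately expensive.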
Aumasson acknowledged that this affects only those who use this particular wallet, not all Tron (TRX) holders’ wallets. He added that it is “not a niche application used by 15 persons.”
In addition, Aumasson suggested that TRX holders take precautionary actions. Tron has previously been accused of not taking security seriously. In fact, in 2018, Tron allegedly plagiarized its white paper.
Despite the criticism of its crypto wallet, Tron appears to be continuing to innovate on its platform: it has partnered with custody specialist BitGo to bring the DeFi tokens Wrapped BTC (WBTC) and Wrapped Ether into the TRON ecosystem.
Meanwhile, according to CoinGecko, TRX’s price is $0.026 with a 24-hour trading volume of $1.2 billion at the time of writing. It has been faring well in the crypto market, with a 95.7% gain recorded this year.