ZenGo Finds Three Bitcoin Wallets Vulnerable To Double Spending

July 2, 2020      Jyoti Singh

A new study reveals that transacting Bitcoin from a wallet could now be unsafe. Recently, blockchain researchers at ZenGo, a wallet startup, scrutinized three major crypto wallets, i.e., Ledger Live, Edge and Breadwallet (BRD), and found them to be vulnerable. The investigators believe that there are some wallets on the market that are vulnerable.

BigSpender Bug Exploits RBF

It has been found that the hackers used the BigSpender bug. With the help of this bug, a hacker can double-spend the user’s funds and also prevent the user from using their own wallet.

The bug exploits the flaw present in the replace-by-fee (RBF) function of Bitcoin to make the wallet vulnerable.

The CEO of ZenGo, Ouriel Ohayon, while talking about the bug in his email, mentioned, “[BigSpender] can lead to substantial financial losses and in some cases to make the victim’s wallet totally unusable with no way for the victim to protect themselves. So this can be seen as a high severity attack”.

The core codebase of Bitcoin has several other vulnerabilities, like timelocked transactions, etc., but among them, the RBF function is the one that helps users to send the amount back and forth. The developer community accepted it so that it could help Bitcoiners avoid slow confirmation times, but to do so, Bitcoiners have to pay higher fees.
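How a wallet can avoid the failure described in this section, as an added example that is not from the article, ZenGo or any wallet vendor: it assumes the weakness is a wallet that credits an unconfirmed incoming payment and never reverses it once the sender replaces that payment through RBF. ConflictAwareWallet, demo and the transaction layout are hypothetical names made up for this example.

```python
# Added illustration: constructed wallet model and sample transactions, not real wallet code.
# tx = {"txid": str, "inputs": [(prev_txid, vout, sequence)], "outputs": [(addr, sats)]}
BIP125_LIMIT = 0xFFFFFFFE  # BIP125: an input sequence below this signals opt-in RBF
def signals_rbf(tx):
    return any(seq < BIP125_LIMIT for _, _, seq in tx["inputs"])

class ConflictAwareWallet:
    def __init__(self, addresses):
        self.addresses = set(addresses)
        self.confirmed = 0  # sats received in confirmed transactions
        self.pending = {}   # txid -> unconfirmed tx paying this wallet
        self.spender = {}   # (prev_txid, vout) -> txid of the pending tx spending it

    def _credit(self, tx):
        return sum(sats for addr, sats in tx["outputs"] if addr in self.addresses)

    def _drop(self, txid):
        tx = self.pending.pop(txid, None)
        for prev, vout, _ in (tx["inputs"] if tx else []):
            self.spender.pop((prev, vout), None)
        return tx

    def on_unconfirmed(self, tx):
        # A tx spending an outpoint already used by a pending tx replaces that tx.
        for prev, vout, _ in tx["inputs"]:
            old = self.spender.get((prev, vout))
            if old not in (None, tx["txid"]):
                self._drop(old)
        if self._credit(tx) > 0:
            self.pending[tx["txid"]] = tx
            self.spender.update({(p, v): tx["txid"] for p, v, _ in tx["inputs"]})

    def on_confirmed(self, tx):
        self.on_unconfirmed(tx)  # evict conflicts, then move the credit to confirmed
        if self._drop(tx["txid"]):
            self.confirmed += self._credit(tx)

    def pending_total(self, include_rbf=False):
        return sum(self._credit(t) for t in self.pending.values()
                   if include_rbf or not signals_rbf(t))

def demo():
    pay = {"txid": "a1", "inputs": [("f0", 0, 0xFFFFFFFD)], "outputs": [("wallet", 50_000)]}
    repl = {"txid": "b2", "inputs": [("f0", 0, 0xFFFFFFFD)], "outputs": [("other", 49_000)]}
    w = ConflictAwareWallet({"wallet"})
    w.on_unconfirmed(pay)
    shown = w.pending_total(include_rbf=True)
    w.on_unconfirmed(repl)
    return shown, w.pending_total(include_rbf=True), w.confirmed
```

The pending credit of 50,000 sats disappears as soon as the replacement spending the same input is seen, and at no point does an unconfirmed payment count toward the confirmed balance.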

ZenGo Receives Bounty From Two Wallets

Since the beginning, people in the Bitcoin community were doubtful about this RBF function. Some even claimed that the Bitcoin wallet would not support this function; still, the developers added the function at the protocol layer of Bitcoin.

ZenGo mentioned that it has so far analyzed nine wallets, of which three are vulnerable.

When ZenGo found out about this vulnerability, it soon informed the firms and asked them to fix the issues within 90 days. Ledger and BRD have already completed it and even paid an undisclosed amount to ZenGo. On the other hand, Edge has been working to resolve the issue.
