A startup has discovered a vulnerability present in major cryptocurrency wallets that leads to double-spend attacks and inflated balances by exploiting existing protocols.
The ‘family’ of vulnerabilities, named BigSpender, was discovered in some of the world’s most popular cryptocurrency wallets including Ledger, Bread and Edge.
Ledger told cryptocurrency magazine Decrypt that the scam was a “clever piece of trickery.”
ZenGo, the startup behind the discovery, spotted the problem while researching the security of bitcoin wallets. In their report, the keyless cryptocurrency wallet stated that BigSpender was found as part of “ongoing security research.”
Essentially, what they found was that BigSpender causes wallets to show users incorrect balances. These balances incorporate unconfirmed transactions into their totals, and fail to reveal when a transaction has actually been revoked.
This type of crime is nothing new. All peer-to-peer transactions carry the risk of one party hoodwinking the other.
BigSpender does this by leveraging Replace-by-Fee (RBF), a feature of the bitcoin protocol. This entails swapping a transaction that carries a low transaction fee for one that carries a higher fee.
For example, a bitcoin transaction with a lower fee is replaced with one that pays a higher fee.
In the world of crypto, transactions that pay higher fees are prioritized over those that pay lower ones.
By swapping a low-fee transaction for a higher-fee one, the transaction can be bumped up in the queue and redirected to a different address. This is what allows bad actors to double-spend.
“The core issue at the heart of the BigSpender vulnerability is that vulnerable wallets are not prepared for the option that a transaction might be canceled and implicitly assume it will get confirmed eventually,” the ZenGo researchers explained.
This leads to users’ balances being increased without the transaction being confirmed, and not decreased if the transaction is double spent and canceled.
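The balance-accounting flaw described above can be shown with a simplified model. This is an added example, not code from ZenGo or from any of the wallets named; the class names, event handlers and transaction values are hypothetical and constructed for illustration. It contrasts a wallet that credits a payment on first sight with one that keeps unconfirmed funds separate and drops them when a conflicting transaction replaces them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset   # outpoints this transaction spends
    to_wallet: int      # satoshis paid to this wallet (0 if none)

class NaiveWallet:
    """Models the flaw: credit on first sight, assume confirmation follows."""
    def __init__(self):
        self.balance, self.seen = 0, set()
    def on_mempool(self, tx):
        if tx.txid not in self.seen:
            self.seen.add(tx.txid)
            self.balance += tx.to_wallet
    on_confirmed = on_mempool  # no separate handling, nothing is ever revoked

class CarefulWallet:
    """Keeps unconfirmed funds apart and drops them when double spent."""
    def __init__(self):
        self.confirmed, self.pending = 0, {}
    def _evict_conflicts(self, tx):
        for old in list(self.pending.values()):
            if old.txid != tx.txid and old.inputs & tx.inputs:
                del self.pending[old.txid]   # replaced: it can no longer confirm
    def on_mempool(self, tx):
        self._evict_conflicts(tx)
        if tx.to_wallet:
            self.pending[tx.txid] = tx
    def on_confirmed(self, tx):
        self._evict_conflicts(tx)
        self.pending.pop(tx.txid, None)
        self.confirmed += tx.to_wallet
    def pending_total(self):
        return sum(t.to_wallet for t in self.pending.values())

# Constructed events: a low-fee payment, then a higher-fee replacement
# that spends the same input but pays a different address.
PAYMENT = Tx("tx-low-fee", frozenset({"prev:0"}), 100_000)
REPLACEMENT = Tx("tx-high-fee", frozenset({"prev:0"}), 0)

def replay(wallet):
    wallet.on_mempool(PAYMENT)
    wallet.on_mempool(REPLACEMENT)
    wallet.on_confirmed(REPLACEMENT)
    return wallet

if __name__ == "__main__":
    print("naive balance:", replay(NaiveWallet()).balance)
    c = replay(CarefulWallet())
    print("careful confirmed/pending:", c.confirmed, c.pending_total())
```

The naive model still reports the canceled payment in its balance after the replacement confirms, while the careful model reports nothing confirmed and nothing pending.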