Blender
AltcoinNews

ZenGo Developers Discovers Double Spend Flaw in Bitcoin Wallet

New research has revealed that the Bitcoin wallet is vulnerable, and the double spend feature could be exploited. According to the developers at ZenGo, a wallet startup, they have said that the vulnerability has been found in wallets like Ledger Live, Edge, and Breadwallet, with research on other wallets ongoing. According to the company, the double-spend feature can be triggered if a hacker gains access into a user’s wallet, thereby making it unusable to the owner.

Start Trading

Talking about how the exploit works, the developers at the Tel Aviv based company noted that the hackers exploit a crucial flaw in  bitcoin’s  replace by fee function. This function allows a user to replace an unconfirmed transaction with a transaction that has a higher fee. Giving his insight on the issue, ZenGo CEO, Ouriel Ohayon said in an email, “[BigSpender] can lead to substantial financial losses and in some cases to make the victim’s wallet unusable with no way for the victim to protect themselves. So this can be seen as a high severity attack.”

📰  Fisco Executive – Digital Yuan May Not Prevail Due to “the China Dream”

RBF loophole can be exploited to carry out the attack

trustcapital

Like other previously found loopholes in the bitcoin core codebase, such as the time unlocked transaction, the RBF function has presented a standard way for users to send and receive value. The developer community accepted it after some recent proposal to pass slow confirmations by paying more transaction fees. From the beginning, there were fears that Bitcoin wallets didn’t have the capacity to fully support the RBF function despite being integrated at the Bitcoin protocol layer.

Talking about the loophole, the famous pseudonymous Bitcoin researcher, 0xB10C, said, “ZenGo shows that a user can be tricked into thinking he is receiving bitcoin when he is not. I believe this to be novel. I’ve at least not heard about it before,” the bitcoin researcher said. The firm has already tested about nine wallets, including Ledger Live, Trust wallet, Exodus Edge, Bread, Coinbase, Blockstream Green, Blockchain, and Atomic wallet. Of the tested wallets, only three were found to possess the vulnerability described by the firm.

📰  Philippines’ Central Bank Sets up Committee to Study the Feasibility and Implications of Issuing a CBDC

Firms are already making adjustments to their wallets

After discovering the loophole, ZenGo alerted the respective firms about the loophole while giving them a 90-day ultimatum to fix the problem. “We have not tested all the wallets, but it could be that if three of the largest are implicated, more out there are too,” the CEO said. According to confirmed reports, Ledger and BRD have released code changes that show that the attack has been prevented and has paid an undisclosed bounty to ZenGo. Edge, on the other hand, is currently undergoing a significant refactor that will address the issue, according to Edge’s CEO, Paul Puey.

According to ZenGo, the flaw works easily; the hacker sends a large amount of Bitcoin to its victim and sets a meager confirmation fee, which means the transaction won’t be confirmed. The hacker cancels the transaction, but the victim notices an increase in their balance. If this is possible and done flawlessly, the double-spend protocol has been exploited, according to ZenGo. Denying ZenGos claims, CTO of custody startup, Casa, Jameson Lopp, noted that “You have to decide the definition of a double-spend. Most people that aren’t trolls would say that a double-spend is when you have a confirmed transaction that is somehow invalidated and spent with a different confirmed transaction.”

📰  US Bank Watchdog Gives Permission to Banks for offering Bank Accounts to Crypto Businesses and Custodian Services as well
vpn

Ifeanyi Egede

Ifeanyi Egede is a new writer on Tokenhell, his articles are cryptocurrency news and platform review based. We recommend following his latest posts as they are always very informative and super interesting.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close