Crypto Hardware Wallet Ledger: ‘Funds are Safe’ After ‘BigSpender’ Vulnerability Found

ZenGo found the vulnerability in Ledger, Edge, and BRD that could lead to a double-spend and an incorrect balance on the wallet. The basic double-spend, amplification attack, and Denial-of-Service (DoS) exploits can be launched easily, with minimal risk and a small amount of money.

A vulnerability was recently discovered by ZenGo in popular cryptocurrency wallets Ledger, Edge, and BRD. Named BigSpender, the vulnerability could lead to a double-spend and an incorrect balance on the wallet.

Double-spending is spending the same money more than once, and preventing it is one of the most critical tasks of any digital currency system.

The issue with BigSpender is that “vulnerable wallets are not prepared for the option that a transaction might be canceled and implicitly assume it will get confirmed eventually.”

This negligence means the wallet increases a user’s balance as soon as an unconfirmed incoming transaction appears, but never decreases it again if that transaction is later double-spent (replaced) and so never confirms.

Other implications include canceled transactions not being marked as such in the user’s transaction history, coins from canceled transactions still being selected by the wallet software when building new transactions, and user interfaces that do not clearly distinguish an unconfirmed state from a confirmed one.

Easy with Minimal Risk

The vulnerability was found while investigating the handling of Bitcoin’s Replace-by-Fee (RBF) feature, a standard method that allows users to “undo” a yet-to-be-confirmed transaction by sending another transaction that spends the same coins with a higher fee.

Due to RBF’s standard nature, attackers can easily and with minimal risk launch the basic double-spend, amplification attack, and Denial-of-Service (DoS) BigSpender exploits.

According to the ZenGo report, in some of the vulnerable wallets this attack is hard or even impossible to recover from, in which case the DoS becomes permanent.

Attackers don’t even need a large amount of money to launch the attack; they only pay the small cancellation fees. They do it by sending a small amount to many users of a vulnerable wallet, which requires no consent from the victims, who are then unable to use their funds.
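To make the failure mode described above concrete (the balance credit on an unconfirmed receipt, the RBF replacement, and the stale history entry), here is an added example that is not ZenGo’s checker or any vendor’s wallet code: a naive wallet that credits unconfirmed receipts and never revisits them, beside a hardened one that keeps pending and confirmed balances apart and reverses the credit when a conflicting replacement shows up. The class names, txids and outpoints are constructed.

```python
# Constructed toy wallets, added here; not ZenGo's checker or any vendor's wallet code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset   # outpoints spent, e.g. "prevtx:0"
    amount_to_us: int   # satoshis paid to this wallet

class NaiveWallet:
    """Vulnerable: credits unconfirmed receipts and assumes they will confirm."""
    def __init__(self):
        self.balance, self.history = 0, {}
    def on_mempool_tx(self, tx):
        self.balance += tx.amount_to_us
        self.history[tx.txid] = "received"
    def on_confirmed(self, tx):
        # A confirmed replacement of some other tx is never noticed: stale credit stays.
        if tx.txid in self.history:
            self.history[tx.txid] = "confirmed"

class HardenedWallet:
    """Keeps pending apart from confirmed and un-credits replaced transactions."""
    def __init__(self):
        self.confirmed, self.pending, self.unconfirmed = 0, 0, {}
    def _evict_conflicts(self, tx):
        # An unconfirmed tx sharing an input with `tx` has been replaced (RBF) by it.
        for old in list(self.unconfirmed.values()):
            if old.txid != tx.txid and old.inputs & tx.inputs:
                self.pending -= old.amount_to_us
                del self.unconfirmed[old.txid]
    def on_mempool_tx(self, tx):
        self._evict_conflicts(tx)
        self.unconfirmed[tx.txid] = tx
        self.pending += tx.amount_to_us
    def on_confirmed(self, tx):
        self._evict_conflicts(tx)
        if self.unconfirmed.pop(tx.txid, None) is not None:
            self.pending -= tx.amount_to_us
        self.confirmed += tx.amount_to_us   # only confirmed coins are spendable

def bigspender_scenario():
    """The pay-us tx is replaced (same input, higher fee) by one paying us nothing."""
    pay_us = Tx("a1", frozenset({"utxo1:0"}), 100_000)
    cancel = Tx("a2", frozenset({"utxo1:0"}), 0)
    naive, hard = NaiveWallet(), HardenedWallet()
    for w in (naive, hard):
        w.on_mempool_tx(pay_us)
        w.on_mempool_tx(cancel)
        w.on_confirmed(cancel)
    return naive.balance, hard.confirmed, hard.pending, naive.history
```

After the replacement confirms, the naive wallet still shows 100,000 sat and lists the canceled transaction as received, while the hardened wallet shows nothing pending and nothing spendable.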

Funds are Safe

BRD has released a fix, while Edge and Ledger are working on one. Ledger and BRD have already paid bug bounty awards to ZenGo.

“There is no actual double-spend being performed. The user funds stay safe,” Ledger told Forbes.

In its official response, Ledger reassured users that “it’s not a vulnerability, but instead a clever piece of social engineering where a malicious actor would try to trick you.” The vulnerability cannot be used to obtain the 24-word recovery phrase or to access your crypto in any way. Your funds are safe, it said.

ZenGo has also released an open-source tool for checking whether a Bitcoin wallet is vulnerable to BigSpender.


AnTy
AnTy has been involved in the crypto space full-time for over two years now. Before her blockchain beginnings, she worked with the NGO Doctors Without Borders as a fundraiser, and has since been exploring, reading, and creating for different industry segments.
