Skip to content

Security company detects a double spending exploit in BTC wallets

July 3, 2020

On July 2nd, the crypto security company ZenGo identified A double-cost exploit for various popular Bitcoin wallets (BTC)Nickname ‘BigSpender’.

Out of nine cryptocurrency wallets tested by ZenGo, those from BRD, Ledger Live and Edge were vulnerable to attack. All three companies updated their products after ZenGo informed them of the threat The company warned that “millions” of crypto users could have been exposed to the exploit before it was identified.

Despite the platforms’ efforts to protect themselves against BigSpender, the Bitcoin Cash (BCH) booster Hayden Otto asserts that The vulnerability is inherent in Bitcoin and can still be attacked.

Bitcoin is vulnerable

Security company detects a double spending exploit in BTC wallets
Security company detects a double spending exploit in BTC wallets

BigSpender was discovered by ZenGo’s recent research into the Bitcoin function “Replace with Fee” (RBF).

According to the security company “RBF is a standard way that users can “undo” a transaction that has not yet been committedSubmit another transaction that issues the same currencies (but possibly with a different destination) at a higher rate. “

This is not the first time that an exploit has identified the vulnerability of this feature. to carry out a double-cost attack using a similar technique, which can clearly be seen in a video by Otto last December that quickly went viral. The exploit is only possible with zero commits.

“The technology is facilitated by RBF, a so-called logged ‘function’ by the developers of the Bitcoin Core that works when using BTC. The wallet software can make few concessions, which leads to a poorer experience for BTC users to try to protect them. “

The BCH promoter described the exploit as “a BTC problem in itself”and added that “it has nothing to do with the different wallet programs.”

Wallets are exposed to the severity of the threat

However, Not everyone is convinced that BigSpender is a serious threat to BitcoinAs an affected wallet service provider, the language used by ZenGo researchers is questioning.

Speaking to Forbes, Ledger said: “There are no real double expenses. User funds remain secure. However, viewing the transactions received can be misleading. “

This, of course, is what Otto explained: getting users to deliver the goods before the funds are transferred due to “misleading” exposure. However, Anyone waiting for the confirmation of transactions before sending the goods is not affected.

ZenGo has launched a free, open source tool that wallet providers can use to test their products and protect themselves from the BigSpender attack. The company found that not all portfolios affected by the exploit have implemented updates