COMING SOON: A New Way to Earn Passive Income with DeFi in 2025 LEARN MORE
Track all markets on TradingView

Bitcoin double-spending vulnerability uncovered in major crypto wallets

2 mins read
47489
hacker

Contents

1. Attackers leverage on RBF function for Bitcoin double-spending
2. Crypto wallets update their system against ‘BigSpender’
Share link:

In this post:

Blockchain researcher at the Tel Aviv-based cryptocurrency wallet startup, ZenGo has uncovered a vulnerability in major digital currency wallets, which could potentially result in Bitcoin double-spending. Most of these wallet providers have been informed and have also taken up measures to prevent such cases.

Attackers leverage on RBF function for Bitcoin double-spending

The so-called ‘BigSpender’ bug works by exploiting Bitcoin’s RBF function (replace-by-fee). Using the bug, bad actors can cause Bitcoin double-spending with victims’ funds, and ultimately stop them from making use of the affected wallets again. “This can be seen as a high severity attack,” said Ouriel Ohayon, the CEO at ZenGo.

Basically, the RBF function was adopted as a way for Bitcoin users to bypass the slow confirmation period by enabling them to pay a higher transaction fee. Despite serving its purpose of reducing long confirmation time, there were still concerns that it could possibly cause problems as Bitcoin wallets don’t fully support it.

To be precise, the Bitcoin double-spending attack leverages on how digital currency wallet treats RBF transactions with Bitcoin, according to a Bitcoin developer, Peter Todd. The attackers would knowingly place a low fee bitcoin transaction to avoid fast confirmation and later cancel the pending transaction.

Crypto wallets update their system against ‘BigSpender’

On the vulnerable crypto wallets, the transaction will be credited to the victim, whereas the attacker has already canceled it. Reportedly, three major wallets out of nine were found vulnerable to this attack, which can result in Bitcoin double-spending. The wallets include Breadwallet (BRD), Edge, and Ledger Live. Ohayon says:

We have not tested all the wallets, but it could be that if three of the largest are implicated, more out there are too.

Per the report, BRD and Ledger have updated new codes to avoid the double-spending attack, while the Edge wallet undergoes a “significant refactor” to prevent such an attack as well.

See also  UK Treasury says it doesn't want anything to do with a Bitcoin reserve

KEY Difference Wire helps crypto brands break through and dominate headlines fast

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Editor's choice

Loading Editor's Choice articles...

Sign up and stay on the top

Stay informed with Cryptopolitan’s newsletters — delivered straight to your inbox.

subscribe

Your gateway to web3.

top section
Learn
Company
Our products
Twitter Instagram Linkedin Telegram Facebook Youtube

Copyright 2024 Cryptopolitan

SEARCH
Top Sections
Follow us
Twitter Instagram Linkedin Telegram Facebook Youtube

- The Crypto newsletter that keeps you ahead -

Markets move fast.

We move faster.

Subscribe to Cryptopolitan Daily and get timely, sharp, and relevant crypto insights straight to your inbox.

  • Breaking news & regulatory updates
  • Expert analysis on market trends
  • No hype, just facts that matter

Join now and
never miss a move.

Get in. Get the facts.
Get ahead.

Subscribe to CryptoPolitan