- ZenGo has recently identified a vulnerability known as ‘BigSpender’ in some of the most widely used cryptocurrency wallets, such as Ledger, BRD and Edge.
- This double-spending exploit has mostly targeted popular Bitcoin wallets.
- ZenGo investigated almost nine cryptocurrency wallets, and Ledger, BRD and Edge were found to be the most affected by this vulnerability.
ZenGo has recently identified a vulnerability known as ‘BigSpender’ in some of the most widely used cryptocurrency wallets, such as Ledger, BRD and Edge. This double-spending exploit has mostly targeted popular Bitcoin wallets.
ZenGo investigated almost nine cryptocurrency wallets, and Ledger, BRD and Edge were found to be the most affected by this vulnerability. However, as soon as ZenGo informed them about the exploit, the wallets updated all the security protocols in their products. Nevertheless, it is believed that many users were already exposed to the threat before it was identified.
What Can This Vulnerability Do?
This vulnerability may cause a wallet to show incorrect information about your balance: the attacker has the power to cancel a transaction before it is confirmed, which generally leaves users confused. The attacker abuses a Bitcoin protocol feature known as ‘Replace by Fee’ (RBF).
This allows the attacker to first send the digital assets with a low transaction fee. Next, they can send the same cryptocurrency again, but with a higher transaction fee. Consequently, the previous transaction is cancelled and the new transaction is added to the block. The higher fee causes the new transaction to be executed faster than the others, because miners give priority to transactions with high fees.
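The balance problem described above can be shown from the wallet's side. The following is an added example, not code from ZenGo or from any of the wallets named here: a naive balance calculation next to a ledger that keeps pending funds separate and drops a transaction once a conflicting spend of the same input appears. The `Tx` model, the event names and the sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset   # outpoints spent by this transaction, e.g. {"aa:0"}
    to_wallet: int      # satoshis paid to this wallet (0 if none)

def naive_balance(events):
    """Flawed: credits every incoming tx when first seen and never undoes it."""
    return sum(tx.to_wallet for kind, tx in events if kind == "seen")

class Ledger:
    """Keeps confirmed and pending funds apart and drops replaced transactions."""
    def __init__(self):
        self.confirmed = 0
        self.pending = {}     # txid -> Tx that is still unconfirmed
        self.cancelled = []   # txids evicted by a conflicting spend

    def _evict_conflicts(self, tx):
        # An outpoint can only be spent once, so an older pending tx that
        # shares an input with the new one can no longer confirm.
        for old in [p for p in self.pending.values()
                    if p.txid != tx.txid and p.inputs & tx.inputs]:
            del self.pending[old.txid]
            self.cancelled.append(old.txid)

    def apply(self, kind, tx):
        self._evict_conflicts(tx)
        if kind == "seen":
            self.pending[tx.txid] = tx
        elif kind == "confirmed":
            self.pending.pop(tx.txid, None)
            self.confirmed += tx.to_wallet

    @property
    def pending_total(self):
        return sum(t.to_wallet for t in self.pending.values())

def replay(events):
    ledger = Ledger()
    for kind, tx in events:
        ledger.apply(kind, tx)
    return ledger

# Constructed sample: a low-fee payment to the wallet, then a higher-fee
# replacement of the same input that (by assumption) pays the wallet nothing.
PAY = Tx("tx-low-fee", frozenset({"aa:0"}), 100_000)
REPLACEMENT = Tx("tx-high-fee", frozenset({"aa:0"}), 0)
EVENTS = [("seen", PAY), ("seen", REPLACEMENT), ("confirmed", REPLACEMENT)]

if __name__ == "__main__":
    led = replay(EVENTS)
    print("naive:", naive_balance(EVENTS), "confirmed:", led.confirmed,
          "pending:", led.pending_total, "cancelled:", led.cancelled)
```

The naive calculation still reports the cancelled payment as part of the balance, while the ledger shows nothing confirmed, nothing pending, and the first transaction listed as cancelled.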
‘BigSpender’ Said To Be Inherent In Wallets
Despite all the measures taken to prevent the vulnerability, the CEO and co-founder of Bitcoin Cash, Hayden Otto, has said that this double-spending vulnerability is permanently built into Bitcoin and that there are still many ways to exploit it. Otto released a video in December that described a similar misuse of the RBF vulnerability, which means this isn’t the first time that an exploit has targeted the RBF feature. Otto further emphasised that this issue only exists if you use Bitcoin and that it has nothing to do with the above-mentioned software wallets.
Ledger, Edge And BRD Working On The Updates
ZenGo notified the vulnerable firms almost 90 days ago. Consequently, Ledger and BRD have given ZenGo bug bounty awards for its services. BRD has almost released a fix for the issue, while Edge and Ledger are still working on theirs; hopefully they will be out soon. Ledger has also published a blog post on how to mitigate the effects of the BigSpender vulnerability. ZenGo has also released an open-source tool that allows companies to test their products and security measures against the BigSpender vulnerability and readily see how they behave.