Israeli researchers at wallet startup ZenGeo have found a vulnerability affecting at least three major crypto wallets – Ledger Live, Edge, and Breadwallet. The flaw allows hackers to spend Bitcoin more than once, Coindesk report,Ed.
The bug, which the Tel Aviv-based firm calls BigSpender, allows a hacker to double-spend a user’s funds and possibly prevent them from ever using their wallet again. It works by exploiting how certain wallet’s handle Bitcoin’s replace-by-fee (RBF) function, a failsafe that enables users to swap an unconfirmed transaction with one that has a higher fee. “[BigSpender] can lead to substantial financial losses and in some cases to make the victim’s wallet totally unusable, with no way for the victim to protect themselves,” ZenGo CEO Ouriel Ohayon said in an email. “So this can be seen as a high severity attack.”
Check It Out: Double-Spending Flaw Found in Major Bitcoin Wallets