Some Bitcoin wallets affected by double-spend and inflated-balance attack


ZenGo, a mobile crypto wallet provider, disclosed a vulnerability named BigSpender in some of the most used crypto wallets, such as the hardware wallet Ledger, BRD and Edge.
First, to be clear: this vulnerability cannot cause the loss of your existing funds. It can only mislead the user into believing that money has been received. The attacker uses the Bitcoin feature Replace-By-Fee. This feature lets you send some bitcoins with a low transaction fee and then send the same crypto assets again with a higher transaction fee, so that the second transaction replaces the first.
Imagine receiving a $100 bank wire for some goods or services you just sold. You supply the goods or services as you think you’ve received the money. After all, it shows in your account!
Except it doesn’t. It’s just an illusion. The attacker was able to cancel the transaction in a way your bank had failed to detect.
Making things even worse, the attacker can repeat this trick 100 times by repeatedly sending and then secretly canceling $100 wire transfers (with the same $100 bill) to create the illusion of sending $10,000.
Adding insult to injury, you discover you can’t spend the money you had before these fraudulent transactions occurred as the transactions corrupted your account.
This is what the BigSpender attack enables. It allows an attacker to cancel a Bitcoin transaction but still have it appear in a victim’s vulnerable wallet and the cost to execute it is fairly low.
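The inflated balance comes from counting a payment that was later replaced. The following Python model is an added example, not code from ZenGo or from any of the wallets named above; it contrasts balance accounting that counts every incoming transaction ever seen with accounting that drops a pending transaction once a conflicting one spends the same input. The `Tx` type, the function names and the event data are hypothetical and constructed, and the wallet is assumed to observe transactions that conflict with its pending ones.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset        # outpoints spent, written "prev_txid:vout"
    to_wallet: int           # satoshis paid to this wallet (0 if none)
    confirmed: bool = False

def naive_balance(events):
    """Vulnerable accounting: every incoming tx ever seen is counted."""
    return sum(tx.to_wallet for tx in events)

def safe_balance(events):
    """Return (confirmed, pending) after dropping replaced transactions."""
    live, spender = {}, {}   # txid -> Tx, outpoint -> txid spending it
    for tx in events:
        conflicts = {spender[o] for o in tx.inputs if o in spender} - {tx.txid}
        if any(live[c].confirmed for c in conflicts):
            continue         # conflicts with a confirmed tx: cannot be valid
        for c in conflicts:  # pending tx was replaced (e.g. via RBF): forget it
            for o in live[c].inputs:
                spender.pop(o, None)
            del live[c]
        live[tx.txid] = tx
        for o in tx.inputs:
            spender[o] = tx.txid
    confirmed = sum(t.to_wallet for t in live.values() if t.confirmed)
    pending = sum(t.to_wallet for t in live.values() if not t.confirmed)
    return confirmed, pending

def constructed_events(rounds=3):
    """Constructed sample: one honest confirmed payment, then the same coin
    is repeatedly sent to the wallet and replaced by a tx paying it nothing."""
    events = [Tx("honest", frozenset({"a:0"}), 5_000, confirmed=True)]
    for i in range(rounds):
        events.append(Tx(f"pay{i}", frozenset({"coin:0"}), 10_000))
        events.append(Tx(f"replace{i}", frozenset({"coin:0"}), 0))
    return events

if __name__ == "__main__":
    ev = constructed_events()
    print("naive balance:", naive_balance(ev))
    print("confirmed, pending:", safe_balance(ev))
```

Showing the confirmed and pending figures separately also keeps an unconfirmed payment from being read as settled funds.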
