Security firm ZenGo has found an exploit in the Bitcoin blockchain that compromises its integrity
A new report from security firm ZenGo reveals that a double-spending exploit might be targeting certain Bitcoin (BTC) wallets. The report was published yesterday, and it describes a vulnerability, dubbed “BigSpender,” that these wallets might still have. The issue appears to affect only Bitcoin and none of the other cryptocurrencies handled by those wallets. The company reviewed and tested at least nine wallets; BRD, Ledger Live and Edge are the ones exposing a vulnerability.
This information is not new, and several wallets have taken action in the past to eliminate this double-spending risk, which was still a threat. However, Bitcoin Cash (BCH) proponent Hayden Otto insists that this vulnerability is inherent to Bitcoin “by design” and can still be exploited. ZenGo discovered BigSpender during its research into Bitcoin’s “Replace-by-Fee” (RBF) feature. “RBF is a standard method to allow users to ‘undo’ a yet to be confirmed transaction, by sending another transaction spending the same coins (but possibly different destination) with a higher fee,” reported ZenGo.
A similar technique for attacking wallets has been used before, and it was outlined in a public video published by Otto back in December that subsequently went viral. Something to consider is that the exploit can only succeed against transactions with zero confirmations. Otto spoke to Cointelegraph about these attacks and stated that these RBF attacks are “particularly concerning for BTC-accepting merchants who could have easily handed over goods to a customer who then reversed their BTC transaction upon leaving the store.”
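For wallet developers and merchants, the two points above (a replacement transaction spends the same coins, and the risk exists only at zero confirmations) translate into a simple accounting rule, sketched here as an added example that is not ZenGo's or any wallet's code. The `Tx` and `WalletView` names and the sample transactions are hypothetical, fees are not modeled, and the `nSequence` signalling threshold comes from BIP 125 rather than from this article.

```python
from dataclasses import dataclass

RBF_SEQUENCE_LIMIT = 0xFFFFFFFE  # BIP 125: any input nSequence below this signals RBF

@dataclass(frozen=True)
class Tx:                      # hypothetical, simplified view of a transaction
    txid: str
    inputs: tuple              # ((prev_txid, vout, nSequence), ...)
    to_us: int                 # satoshis paid to our address
    confirmations: int = 0

def signals_rbf(tx):
    return any(seq < RBF_SEQUENCE_LIMIT for _, _, seq in tx.inputs)

def outpoints(tx):
    return {(prev, vout) for prev, vout, _ in tx.inputs}

class WalletView:
    """Counts only confirmed payments and drops pending ones that get replaced."""
    def __init__(self):
        self.txs = {}

    def observe(self, tx):
        """Record a seen transaction; return txids of pending payments it displaced."""
        conflicts = [t for t in self.txs.values()
                     if t.txid != tx.txid and outpoints(t) & outpoints(tx)]
        if any(t.confirmations >= 1 for t in conflicts):
            return []          # a confirmed spend cannot be displaced; ignore tx
        for t in conflicts:
            del self.txs[t.txid]
        self.txs[tx.txid] = tx
        return [t.txid for t in conflicts]

    def confirmed_balance(self):
        return sum(t.to_us for t in self.txs.values() if t.confirmations >= 1)

    def pending(self):
        """Unconfirmed txids mapped to whether they signal replaceability."""
        return {t.txid: signals_rbf(t) for t in self.txs.values() if t.confirmations == 0}

def demo():
    # Constructed sample data: a payment to us, then a replacement spending the same coin.
    pay = Tx("pay", (("coin", 0, 0xFFFFFFFD),), to_us=50_000)
    replacement = Tx("replacement", (("coin", 0, 0xFFFFFFFD),), to_us=0)
    w = WalletView()
    w.observe(pay)
    before = (w.confirmed_balance(), w.pending())
    displaced = w.observe(replacement)
    return before, displaced, w.confirmed_balance(), w.pending()

if __name__ == "__main__":
    print(demo())
```

The pending payment never reaches the confirmed balance, and it disappears from the pending list as soon as the conflicting transaction is seen.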