The alarm has been sounded regarding a vulnerability in some of the world’s most popular cryptocurrency wallets.
ZenGo, the developer of a mobile cryptocurrency wallet, discovered the weakness that expose users of other hardware wallets such as Ledger, BRD and Edge, TechCrunch reported.
The so-called BigSpender vulnerability might lead to incorrect balance on a user’s wallet as unconfirmed transactions are taken into account on the user’s total balance.
Essentially, the attacker would send a small amount of bitcoi with a low transaction fee and then the same amount with higher transaction fee. The original transaction will then be cancelled and the new higher one will probably be confirmed by miners faster as they are prone to consider higher transaction fees first.
However, some wallets are a bit too hot on the trigger and tends to take unconfirmed transactions for granted a bit too fast and herein is the problem, as TechCrunch described it. While a user might look at their wallet and see that the money is in there, even though the sender may have canceled the transaction and replaced it with a cash injection into a wallet that they own.
While no money will be stolen, it could lead to users being denied access to their accounts. ZenGo notified Ledger, Edge and BRD three months ago.
Copyright © 2018 RegTech Analyst