BCH Backer Claims Bitcoin Wallet Double-Spend Issue Hasn’t Been Fixed

Published at: July 3, 2020

On July 2, crypto security firm ZenGo identified a double-spend exploit targeting several popular Bitcoin (BTC) wallets, dubbed ‘BigSpender’.

Of nine cryptocurrency wallets tested by ZenGo, BRD, Ledger Live, and Edge were found to have been vulnerable to the attack. The three companies updated their products after ZenGo notified them of the threat; however, the firm warned that “millions” of crypto users may have been exposed to the exploit prior to its identification.

Despite the wallets’ move to protect against BigSpender, Bitcoin Cash (BCH) proponent Hayden Otto claims the vulnerability is inherent to Bitcoin “by design” and can still be exploited.

Bitcoin vulnerable

BigSpender was discovered through ZenGo’s ongoing research into Bitcoin’s ‘Replace-by-Fee’ (RBF) feature. 

According to the security firm, “RBF is a standard method to allow users to ‘undo’ a yet to be confirmed transaction, by sending another transaction spending the same coins (but possibly different destination) with a higher fee”.

BigSpender is not the first time an exploit has targeted RBF vulnerabilities to execute a double-spend attack, with a similar technique being notoriously outlined in a video published by Otto in December that quickly went viral. The exploit is only possible with zero confirmations.

Speaking to Cointelegraph, Otto stated that RBF attacks are “particularly concerning for BTC-accepting merchants who could have easily handed over goods to a customer who then reversed their BTC transaction upon leaving the store.”

“The technique is facilitated by RBF (replace by fee), a so-called ‘feature’ added at the protocol level by the Bitcoin Core developers. The issue exists if you use BTC. Wallet software can only make some trade off, which results in a worse BTC user experience, in order to try to protect BTC users.”

The BCH proponent described the exploit as “an issue with BTC itself,” adding that it has “nothing to do with the various wallet software”.

Wallets challenge severity of threat

However, not everyone is convinced that BigSpender comprises a grave threat to Bitcoin, with the affected wallet providers challenging the language employed by ZenGo’s researchers.

Speaking to Forbes, Ledger asserted: “There is no actual double-spend being performed. The user funds stay safe. Nevertheless, the display of received transactions could be misleading.”

This is, of course, what Otto exploited: getting merchants to hand over the goods before the funds were transferred due to a “misleading” display. However, merchants who wait for transactions to be confirmed before sending goods do not risk being affected.
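The display problem and the wait-for-confirmation rule described above, as an added example (not code from ZenGo or any wallet vendor): a simplified incoming-payment ledger that drops a pending payment once a conflicting spend of the same coins appears, next to a naive mode that keeps showing it. The transaction ids, outpoint and amounts are constructed, and the model assumes the wallet's node reports each transaction as a mempool or block event.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset   # outpoints ("txid:index") this transaction spends
    to_wallet: int      # satoshis paid to our wallet, 0 if none

def replay(events, evict_conflicts=True):
    """Replay (state, Tx) events, state in {"mempool", "block"}.

    Returns (confirmed, pending) totals in satoshis. With evict_conflicts=False
    the ledger never drops a replaced payment, which is the misleading display.
    """
    confirmed, pending = 0, {}
    for state, tx in events:
        if evict_conflicts:
            # A pending payment that shares an input with tx spends the same
            # coins, so it cannot confirm alongside tx: stop counting it.
            for old in [p for p in pending.values()
                        if p.txid != tx.txid and p.inputs & tx.inputs]:
                del pending[old.txid]
        if state == "block":
            pending.pop(tx.txid, None)
            confirmed += tx.to_wallet
        elif tx.to_wallet:
            pending[tx.txid] = tx
    return confirmed, sum(p.to_wallet for p in pending.values())

def can_release_goods(events, price):
    """Merchant rule from the article: count confirmed funds only."""
    confirmed, _ = replay(events)
    return confirmed >= price

# Constructed sample data: the txids, outpoint and amounts are made up.
COIN = frozenset({"f00d:0"})
payment = Tx("tx-pay", COIN, 50_000)      # low-fee payment to the merchant
replacement = Tx("tx-replace", COIN, 0)   # higher-fee spend of the same coin elsewhere
EVENTS = [("mempool", payment), ("mempool", replacement), ("block", replacement)]

if __name__ == "__main__":
    print("naive   (confirmed, pending):", replay(EVENTS, evict_conflicts=False))
    print("correct (confirmed, pending):", replay(EVENTS))
    print("release goods:", can_release_goods(EVENTS, 50_000))
```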

ZenGo has released a free open-source tool that allows wallet providers to test their products and secure against the BigSpender vulnerability. The firm noted that not all of the wallets affected by the exploit have implemented upgrades.
