BCH Backer Claims Bitcoin Wallet Double-Spend Issue Hasn’t Been Fixed


On July 2, crypto security firm ZenGo identified a double-spend exploit targeting several popular Bitcoin (BTC) wallets, dubbed ‘BigSpender’.

Of nine cryptocurrency wallets tested by ZenGo, BRD, Ledger Live, and Edge were found to have been vulnerable to the attack. The three companies updated their products after ZenGo notified them of the threat; however, the firm warned that “millions” of crypto users may have been exposed to the exploit prior to its identification.

Despite the wallets’ move to protect against BigSpender, Bitcoin Cash (BCH) proponent Hayden Otto claims the vulnerability is inherent to Bitcoin “by design” and can still be exploited.

Bitcoin vulnerable

BigSpender was discovered through ZenGo’s ongoing research into Bitcoin’s ‘Replace-by-Fee’ (RBF) feature. 

According to the security firm, “RBF is a standard method to allow users to ‘undo’ a yet to be confirmed transaction, by sending another transaction spending the same coins (but possibly different destination) with a higher fee”.

BigSpender is not the first time an exploit has targeted RBF vulnerabilities to execute a double-spend attack, with a similar technique being notoriously outlined in a video published by Otto in December that quickly went viral. The exploit is only possible with zero confirmations.

Speaking to Cointelegraph, Otto stated that RBF attacks are “particularly concerning for BTC-accepting merchants who could have easily handed over goods to a customer who then reversed their BTC transaction upon leaving the store.”

“The technique is facilitated by RBF (replace by fee), a so-called ‘feature’ added at the protocol level by the Bitcoin Core developers. The issue exists if you use BTC. Wallet software can only make some trade off, which results in a worse BTC user experience, in order to try to protect BTC users.”

The BCH proponent described the exploit as “an issue with BTC itself,” adding that it has “nothing to do with the various wallet software”.

Wallets challenge severity of threat

However, not everyone is convinced that BigSpender constitutes a grave threat to Bitcoin, with the affected wallet providers challenging the language employed by ZenGo’s researchers.

Speaking to Forbes, Ledger asserted: “There is no actual double-spend being performed. The user funds stay safe. Nevertheless, the display of received transactions could be misleading.”

This is, of course, what Otto exploited: getting merchants to hand over the goods before the funds were transferred due to a “misleading” display. However, merchants who wait for transactions to be confirmed before sending goods do not risk being affected.
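The receiver-side bookkeeping that avoids the “misleading” display can be sketched as follows. This is an added example, not code from the article, ZenGo’s tool, or any of the wallets named; class and field names are hypothetical, and it assumes the ledger is shown every transaction that spends an input of a payment it is tracking.

```python
# Added example: zero-confirmation bookkeeping. Names are hypothetical; demo() data is constructed.
from dataclasses import dataclass

RBF_LIMIT = 0xFFFFFFFE  # BIP 125: an input nSequence below this signals replaceability

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple      # ((prev_txid, vout, nsequence), ...)
    amount_sat: int    # value paid to this wallet, 0 if none

    def outpoints(self):
        return {(prev, vout) for prev, vout, _ in self.inputs}

    def signals_rbf(self):
        return any(seq < RBF_LIMIT for _, _, seq in self.inputs)

class ReceiveLedger:
    def __init__(self):
        self.pending, self.confirmed = {}, {}   # txid -> Tx

    def observe(self, tx, confirmed=False):
        # Drop every pending tx sharing an input with tx: it can never confirm beside it.
        gone = [t for t, p in self.pending.items()
                if t != tx.txid and p.outpoints() & tx.outpoints()]
        for t in gone:
            del self.pending[t]
        self.pending.pop(tx.txid, None)
        if tx.amount_sat and tx.txid not in self.confirmed:
            (self.confirmed if confirmed else self.pending)[tx.txid] = tx
        return gone

    def balances(self):
        # (spendable, pending): only confirmed value counts as received.
        return (sum(t.amount_sat for t in self.confirmed.values()),
                sum(t.amount_sat for t in self.pending.values()))

def demo():
    ledger = ReceiveLedger()
    pay = Tx("aa" * 32, (("cc" * 32, 0, 0xFFFFFFFD),), 50_000)      # pays the merchant
    replacement = Tx("bb" * 32, (("cc" * 32, 0, 0xFFFFFFFD),), 0)   # same coin, pays elsewhere
    ledger.observe(pay)                                # seen in mempool, zero confirmations
    before = ledger.balances()
    gone = ledger.observe(replacement, confirmed=True)  # the replacement is mined instead
    return pay.signals_rbf(), before, gone, ledger.balances()
```

A merchant front end built on this would release goods only for a payment whose txid is in `confirmed`, and would show the pending figure separately from the spendable one.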

ZenGo has released a free open-source tool that allows wallet providers to test their products and secure against the BigSpender vulnerability. The firm noted that not all of the wallets affected by the exploit have implemented upgrades.




Cointelegraph By Samuel Haig

