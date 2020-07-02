A standard way to transact Bitcoin could be vulnerable to double-spending, new research has found. Blockchain sleuths at ZenGo, a wallet startup, have found a vulnerability that affected at least three major crypto wallets – Ledger Live, Edge and Breadwallet (BRD) – and potentially more.

The bug, which the Tel Aviv-based firm calls BigSpender, allows a hacker to double spend a user’s funds and possibly prevent them from ever using their wallet again. It works by exploiting a flaw in Bitcoin’s replace-by-fee (RBF) function, a failsafe that enables users to swap an unconfirmed transaction with one that has a higher fee.

“[BigSpender] can lead to substantial financial losses and in some cases to make the victim’s wallet totally unusable with no way for the victim to protect themselves,” ZenGo CEO Ouriel Ohayon said in an email. “So this can be seen as a high severity attack.”

Related: Nomura-Backed Crypto Custody Venture Launches After 2 Years in the Works

Like other vulnerabilities found in Bitcoin’s core codebase, such as timelocked transactions, the RBF function has become a standard way for users to send value back and forth. It was pitched and accepted by the developer community as a way for Bitcoiners to circumvent slow confirmation times by paying more in fees.

See also: Raphael Auer – The Security Trilemma and the Future of Bitcoin

From the outset, there were fears that the RBF function was not well supported by Bitcoin wallets, despite being integrated at Bitcoin’s protocol layer, the pseudonymous Bitcoin researcher 0xB10C said. “ZenGo shows that a user can be tricked into thinking he is receiving bitcoin when he is not. I believe this to be novel. I’ve at least not heard about it before,” he said.

The firm tested nine different wallets including Ledger Live, Trust wallet, Exodus, Edge, Bread, Coinbase, Blockstream Green, Blockchain and Atomic Wallet. Of those tested, three were found to be vulnerable to the theoretical exploit.

Related: Thailand to Raise $6.4M With Sale of Blockchain-Based Bonds

“We have not tested all the wallets but it could be that if three of the largest are implicated, more out there are too,” Ohayon said. ZenGo alerted the firms about its findings, and gave them 90 days to repair the vulnerability.

Ledger and BRD have released code changes to prevent the attack from happening, and paid undisclosed big bounties to ZenGo, while Edge is currently undergoing a “significant refactor” that will address the issue, Edge’s CEO Paul Puey said in an email.

The hack leverages a known vulnerability in how certain wallets treat Bitcoin’s RBF transactions, Peter Todd, Bitcoin developer and RBF’s architect, said.

How it works: Attackers send funds to their intended victim, and set fees low enough to nearly guarantee the transaction will not receive a confirmation. While the transaction is pending, the attacker cancels it. For vulnerable wallets, this pending transaction will be reflected as an increase in a user’s account balance, and therefore, possibly, lead some victims to erroneously believe the transaction has gone through, despite being cancelled.

This discrepancy between a victim’s stated and actual balance could be exploited by malicious actors tricking people into providing goods or services without paying for them – except the minimal amount of fees spent. In this sense, the flaw is with a wallet’s UX and UI design.

Double trouble?

If a hacker can trick a person into believing they received payment, while simultaneously maintaining control of the bitcoin, this is a double-spend, according to ZenGo’s researchers.

“You have to decide what is the definition of a double-spend. Most people that aren’t trolls would say that a double-spend is when you have a confirmed transaction that is somehow invalidated and spent with a different confirmed transaction,” Jameson Lopp, CTO of custody startup Casa, said, denying the researchers’ claims.

This attack, by its nature, takes advantage of the way wallets display unconfirmed transactions. In this sense, the attack – while fraudulent – isn’t breaking the way the Bitcoin code functions.

“The whole point of the blockchain is to prevent the double-spend problem,” Lopp said. “It goes back to the original Satoshi white paper, which says the solution to double-spending is to have a distributed ledger that many people are checking.”