- ZenGo has discovered a vulnerability to double-spend attacks in some of the most popular cryptocurrency wallets.
- The vulnerability, dubbed “BigSpender,” was discovered in wallets like Ledger Live, Bread (BRD) and Edge.
- Ledger and BRD have confirmed that they have fixed the issue.
ZenGo, a mobile wallet company, stated that most of the cryptocurrency wallets in the market are vulnerable to double-spending attacks. The vulnerability, dubbed “BigSpender,” was discovered in wallets like Ledger Live, Bread (BRD), and Edge.
Double-spending is a potential exploit in digital assets that allows bad actors to spend the same coins more than once. The attack works by exploiting a flaw in Bitcoin’s replace-by-fee (RBF) feature, a failsafe that lets users swap an unconfirmed transaction with one that has a higher fee. ZenGo CEO Ouriel Ohayon said that the BigSpender vulnerability can cause significant financial losses and make a victim’s wallet completely unusable.
ZenGo disclosed the vulnerability to Edge, BRD and Ledger about three months ago and received bug bounty rewards from Ledger and BRD. Both companies have already fixed the issue. Ledger’s VP of Marketing, Benoît Pellevoizin, said:
“Everything has been fixed in the most recent update that was released two days ago.”
Pellevoizin noted that unconfirmed transactions will now be highlighted and users will be informed of them. He added that Ledger Live does not use funds from unconfirmed transactions when sending funds.
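The accounting behavior described above (unconfirmed transactions tracked and flagged separately, never counted as spendable, and dropped when a replacement appears) can be sketched as follows. This is an added example, not code from Ledger, ZenGo or any wallet named here; `Tx`, `WalletState` and all transaction ids are hypothetical, and conflicts are detected on the assumption that a replacement spends at least one of the same inputs as the transaction it replaces.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tx:
    txid: str           # constructed sample id, not a real transaction
    inputs: frozenset   # outpoints spent, as "txid:vout" strings
    to_wallet: int      # satoshis this transaction pays to our wallet


@dataclass
class WalletState:
    confirmed: dict = field(default_factory=dict)  # txid -> Tx
    pending: dict = field(default_factory=dict)    # txid -> Tx

    def observe(self, tx: Tx, in_block: bool) -> None:
        # Any pending entry that shares an input with the newly seen
        # transaction is stale: it was replaced or has just confirmed.
        stale = [t.txid for t in self.pending.values() if t.inputs & tx.inputs]
        for txid in stale:
            del self.pending[txid]
        if tx.to_wallet > 0:
            (self.confirmed if in_block else self.pending)[tx.txid] = tx

    def spendable(self) -> int:
        # Only confirmed funds may be used when sending.
        return sum(t.to_wallet for t in self.confirmed.values())

    def pending_total(self) -> int:
        # Shown to the user separately and flagged as unconfirmed.
        return sum(t.to_wallet for t in self.pending.values())


def demo():
    w = WalletState()
    w.observe(Tx("dep0", frozenset({"c0:0"}), 50_000), in_block=True)
    w.observe(Tx("pay1", frozenset({"f0:0"}), 100_000), in_block=False)
    before = (w.spendable(), w.pending_total())
    # Constructed replacement: same input, pays this wallet nothing.
    w.observe(Tx("pay2", frozenset({"f0:0"}), 0), in_block=False)
    after = (w.spendable(), w.pending_total())
    return before, after


if __name__ == "__main__":
    print(demo())
```

The replaced payment never reaches the spendable balance, and it disappears from the pending total as soon as the conflicting transaction is seen.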