A team at ZenGo discovered the BigSpender bug affecting major crypto-wallets, including Ledger Live, Edge, BreadWallet and potentially many more. The bug exploits how certain wallets handle the replace-by-fee feature which allows a user to swap an unconfirmed transaction with another transaction that has a higher fee. The RBF feature has become a standard way for users to send bitcoin and was developed as a way to circumvent slow confirmation times by paying more in fees.
Attackers can send funds to a wallet and set the fees low enough to almost guarantee the transaction will not receive a confirmation. The attacker can then use the RBF feature to replace the pending transaction with a transaction to another wallet that they control. For vulnerable wallets, this pending transaction will be reflected as an increase in the account balance, leading some users to believe they have received funds even though they have not. Attackers can also use the BigSpender vulnerability to send multiple fake transactions and reroute them before they are confirmed. This can cause the victim’s stated balance and actual funds to become decoupled and could make the wallet unusable. Both Breadwallet and Ledger Live have released fixes to prevent the attacks.
Source : PR Newswire