You think you received the funds, but they never really arrived, and the worst is yet to come.
Today, we introduce #BigSpender: a vulnerability in some of #Bitcoin ’s most popular wallets, allowing attackers to double (and multiple) spend.
1. Double-spend: Canceled tx still appears in the victim’s wallet
2. Amplification attack: Attackers can repeat the above attack to artificially turn $10 to $1000
3. DoS: When trying to “send all”, the transaction fails
zengo.com/bigspender-dou…
Ledger and BRD fixed the issue and ZenGo was awarded a bug bounty.