🚨 Imagine receiving $100.
You think you received the funds, but they never really arrived, and the worst is yet to come.
Today, we introduce #BigSpender: a vulnerability in some of #Bitcoin ’s most popular wallets, allowing attackers to double (and multiple) spend.
You think you received the funds, but they never really arrived, and the worst is yet to come.
Today, we introduce #BigSpender: a vulnerability in some of #Bitcoin ’s most popular wallets, allowing attackers to double (and multiple) spend.
🔓 #BigSpender attacks:
1. Double-spend: Canceled tx still appears in the victim’s wallet
2. Amplification attack: Attackers can repeat the above attack to artificially turn $10 to $1000
3. DoS: When trying to “send all”, the transaction fails
1. Double-spend: Canceled tx still appears in the victim’s wallet
2. Amplification attack: Attackers can repeat the above attack to artificially turn $10 to $1000
3. DoS: When trying to “send all”, the transaction fails
Watch full demonstrations of #BigSpender’s double-spend, amplification, and DoS attacks on the vulnerable wallets 👇
zengo.com/bigspender-dou…
zengo.com/bigspender-dou…
We have disclosed the vulnerability to the affected wallets (@Ledger, @BRDHQ, @EdgeWallet).
Ledger and BRD fixed the issue and ZenGo was awarded a bug bounty.
Ledger and BRD fixed the issue and ZenGo was awarded a bug bounty.
