Researchers expose an RBF vulnerability in some Bitcoin wallets

posted 4 months ago
ResearchAndMarkets[dot]com published a new article about a vulnerability in major Bitcoin wallets. A team at ZenGo discovered the BigSpender bug affecting major crypto-wallets, including Ledger Live, Edge, BreadWallet and potentially many more. The bug exploits how certain wallets handle the replace-by-fee feature which allows a user to swap an unconfirmed transaction with another transaction that has a higher fee.

Attackers use the RBF feature to replace their pending transaction with a transaction to another wallet that they control. For vulnerable wallets, this pending transaction will be reflected as an increase in the account balance, leading some users to believe they have received funds even though they have not. This can cause the victim’s stated balance and actual funds to become decoupled and could make the wallet unusable. Some wallets have already released fixes to prevent the attack.
Tags: bitcoin, blockchain, news