Vulnerability found in popular crypto wallets like Ledger and others

For the world economy development of cryptocurrencies is a new dimension, and that is why every facet of the same need to be strong and perfect. Though many users have started using this virtual currency, there are still some questions that haunt many aspirants, and there is also news that may increase the worry of such potential users. As per some experts, the crypto wallets are not technically sound, and their security can be a big question for the data and privacy of users. A survey was done by some of the leading companies, and they have found improper security to these wallets. Many vulnerabilities were recently found in popular crypto wallets like Ledger, BRD, and Edge by the startup company ZenGo which works in the mobile crypto wallet sector. These vulnerabilities are often used by attackers and malicious users to commit fraud and other activities. It is the time when these issues need to be fixed by the developers as users will lose confidence about the overall security of the blockchain currency if these continue for a long time. There is no response from the promoters of these blockchains regarding these vulnerabilities, and it would be interesting to see their reaction in this situation.

BigSpender Vulnerability

In this situation, the balance is not shown correctly in the wallet. It can create a lot of confusion, and users may believe that they have received some money while it is still in process. The reason this happens is that the unconfirmed transactions are taken into account while calculating the total balance in the user’s wallet. In this way, the attackers who usually target vulnerable people revoke the transactions before they can be confirmed, creating a lot of confusion about the total balance. Many users are reporting such frauds happening in Craigslist and other marketplaces.

How does this work?

The attackers are using a Bitcoin feature known as Replace by Fee. in this option, users have the option to cancel an earlier transaction with low transaction fees with a new transaction with higher transaction fees. In that case, the original transaction gets canceled, and it is replaced with a new one. This loophole is used by fraudsters who initially send payment and later on cancel it after receiving the goods or services from the other person. Earlier, such methods were used with PayPal transactions, and attackers used to send fake PayPal transactions.

Fake transactions in crypto

Some crypto wallets have this vulnerability wherein they consider the transactions that are not yet confirmed into the total account value. Attackers usually send some Bitcoins and quickly cancel them or replace them with another transaction. In this way, the earlier balance may still reflect in the account, and this can be used to process a new purchase. When multiple such transactions are processed in a quick time, it can lead to large amounts of fraud. Although there are some methods to correct the balance by clearing the app cache, it may not be done in every case, and attackers may use such vulnerabilities in the long run.

ZenGo discovered vulnerability

ZenGo, a mobile crypto startup, recently figured out these loopholes and mentioned them in their publication. It has led to a huge sensation in the crypto world, and BRD and Ledger have even handed over rewards to this company for discovering such loopholes. While BRD has announced that they have fixed the issue, there is no confirmation from Ledger. It may take some more time before such crypto wallets are completely secured from all sorts of vulnerabilities. Till then, users have to limit their transactions and monitor them carefully.

Leave a Comment