A new vulnerability in some popular bitcoin wallets can be exploited by scammers to commit fraud and even make the wallets themselves unusable.
Discovered by wallet startup ZenGo, the vulnerability, dubbed “BigSpender,” was found in bitcoin wallets from Ledger Live, Edge and Breadwallet – but potentially affects others as well. The vulnerability allows a scammer to double-spend bitcoin, a process whereby the owner of a wallet is tricked into believing he had received a bitcoin even if the transaction hasn’t been confirmed.
“Imagine receiving a $100 bank wire for some goods or services you just sold,” Obed Leiba at ZenGo explained in an example. “You supply the goods or services as you think you’ve received the money. After all, it shows in your account. Except it doesn’t. It’s just an illusion. The attacker was able to cancel the transaction in a way your bank had failed to detect.”