A Bitcoin bull run in 2017 led to the price rising to around $20,000, which has resulted in an increase in Bitcoin hacks and thefts.
While the Bitcoin price had fallen by over half since its all-time high in late 2017, hackers still target Bitcoin users regularly.
Several popular Bitcoin wallets could have been compromised by a newly discovered vulnerability, researchers have warned. “Millions” of Bitcoin users could have been at risk. To protect against such thefts, you could select a safe and secure Bitcoin wallet.
ZenGo, a Bitcoin and crypto company with offices in Tel Aviv, reported that three major Bitcoin wallets were susceptible to double-spending attacks, adding that other wallets beyond the nine they tested were also at risk.
After their developers were alerted by ZenGo, the Bitcoin wallets Ledger Live, Edge, and BRD were updated to try and prevent the attack.
An attacker can take advantage of a vulnerability called BigSpender to make it appear that they have sent a payment when in fact they have replaced it with another. Even though not everyone agrees on the vulnerability’s nature, it could prevent wallet owners from accessing their funds.
“The vulnerability in BigSpender affects wallet solutions that implicitly assume transactions will be confirmed and do not consider the possibility that a transaction will be canceled,” reads the description of the vulnerability. A senior ZenGo engineer, Oded Leiba, exposed the vulnerabilities on his blog.
As a result, the user’s account balance is increased on an incoming transaction that has not been confirmed, and is not deducted when the transaction is actually canceled for being double-spent.
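The accounting flaw described above, as an added Python sketch (not code from ZenGo or from any wallet named here): one wallet credits an unconfirmed payment and never reverses it, the other keeps pending and confirmed amounts apart. The event names, class names and sample feed are assumptions constructed for the illustration.

```python
# Added illustration: toy wallet accounting, not code from any real wallet.
# Event names and the event feed below are constructed for this example.

EVENTS = [  # (event, txid, amount in satoshis)
    ("seen", "tx-a", 50_000),     # unconfirmed incoming payment appears
    ("replaced", "tx-a", 0),      # a conflicting transaction wins; tx-a is canceled
    ("seen", "tx-b", 20_000),
    ("confirmed", "tx-b", 0),     # tx-b is mined
]


class NaiveWallet:
    """Credits the balance as soon as a transaction is seen and never reverses it."""

    def __init__(self):
        self.balance = 0

    def handle(self, event, txid, amount):
        if event == "seen":
            self.balance += amount
        # "replaced" is ignored, so a canceled payment stays in the balance


class TrackingWallet:
    """Keeps pending and confirmed amounts apart and drops canceled transactions."""

    def __init__(self):
        self.pending = {}
        self.confirmed = 0

    def handle(self, event, txid, amount):
        if event == "seen":
            self.pending[txid] = amount
        elif event == "replaced":
            self.pending.pop(txid, None)          # canceled: stop displaying it
        elif event == "confirmed" and txid in self.pending:
            self.confirmed += self.pending.pop(txid)

    @property
    def spendable(self):
        return self.confirmed                     # only confirmed funds count


def replay(wallet, events=EVENTS):
    """Feed every event to the wallet and return it for inspection."""
    for event, txid, amount in events:
        wallet.handle(event, txid, amount)
    return wallet
```

On the sample feed the naive wallet ends at 70,000 satoshis while only 20,000 were ever confirmed, which is the inflated balance the description refers to.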
The ZenGo researchers’ use of language has been questioned by Ledger and BRD.
Ledger’s security team said via email that there was no actual double spend. “The user funds remain safe. However, the display of the received transactions may be misleading.”
One of the most commonly used Bitcoin wallets that are vulnerable to this attack is ZenGo’s, which ZenGo researchers say is indicative of how serious the bug is.
Based on the public numbers associated with Ledger and BRD, there could have been several million users exposed before the fix, ZenGo CEO Ouriel Ohayon said via email. The Bitcoin and crypto news outlet Coindesk reported that BRD recently reached the 5 million user mark.
Despite the dispute with the developers of the Bitcoin wallets, Ohayon insists the threat might actually be worse than currently assumed.
Ohayon said additional issues could exist, while other wallets not vulnerable to the BigSpender attack, including ZenGo’s own, were not affected.
“The fact that you could be unable to spend your Bitcoins, and the fact that this could be done on a large scale, makes this [exploit] more serious.”
The industry is constantly battling hackers. Security is a long-term battle that cannot be won by one product or one player alone. Research and security must be as important to wallet development as product development and services if mass adoption is to be achieved.