The developers of ZenGo crypto wallet discovered critical vulnerability for the attack of double spending called "BigSpender".
According to an official announcement, the vulnerability affected Ledger Live, Bread and Edge wallets.
The bug allows attackers to spend the same coins two or more times. Bad actor can send a transaction with a minimum fee, and then immediately replace the previous one by offering a higher fee.
Thus, cryptocurrency miners get an incentive to first check out a more profitable new transaction. Then an attacker can redirect funds to another address.
According to the developers, although the vulnerability is partially eliminated, users of some wallets can still become its victims.
At the time of writing, only Edge Wallet has not fixed the bug.
The ZenGo team urges wallet developers to test their wallet behavior with respect to Replace-by-Fee (RBF) transactions and cancellations.
In January, cybersecurity researchers at Kraken Security Labs discovered a way to extract seeds from such wallets as Trezor One and Trezor Model T just within 15 minutes.
According to the official blog post, all that potential hacker is needed is physical access to the wallet.
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.