Vulnerability Found Popular Crypto Wallets like Ledger and Others


Mobile crypto wallet startup ZenGo recently discovered a vulnerability in some popular crypto wallets including Edge, BRD, and Ledger.

BigSpender vulnerability

The BigSpender vulnerability can cause a wallet to show an incorrect balance because unconfirmed transactions are counted toward the total. The attacker can revoke these transactions before they are confirmed, which creates confusion about the actual balance. This type of attack is quickly gaining prominence in online marketplaces like Craigslist.


In this method, people buy items from others online and send them fake PayPal transaction emails that appear to confirm their transactions. In reality, no transaction is made and the user’s account doesn’t reflect any changes. Similar BigSpender techniques are now being used in cryptocurrencies. They utilize a feature in the Bitcoin protocol called Replace-by-Fee.

This feature allows users to send some Bitcoin with a low transaction fee. They can then send the same transaction again with a higher transaction fee. The original transaction is cancelled and the new one replaces it. The new transaction is processed more quickly because of its higher transaction fee.

How do fake transactions work in crypto?

Some crypto wallets take unconfirmed transactions into account very quickly, so it may appear that a user has received Bitcoin. In reality, they have not received anything. The sender may cancel that transaction or replace it with another one to a wallet they control. As a result, the balance shown in the user’s account still includes the amount, even though it is never credited.

The attackers can use this feature to make multiple transactions even if they don’t possess the money needed to buy an expensive item. The attackers may also launch a denial-of-service attack and freeze a user’s crypto assets. This problem can usually be solved by clearing the app cache and resyncing the Bitcoin wallet. It does not affect the existing balance in your Bitcoin account.
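The balance confusion described above, as an added example that is not code from ZenGo or from any of the wallets named here. The names `Tx`, `EVENTS`, `naive_balance` and `safe_balances` are hypothetical and the event stream is constructed; it assumes the wallet sees each mempool and block event in order and ignores chain reorganizations.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    spends: frozenset   # outpoints ("prev_txid:index") this transaction consumes
    to_wallet: int      # satoshis paid to our wallet (0 if none)

# Constructed event stream: a payment is broadcast, then replaced (Replace-by-Fee)
# by a transaction that spends the same input but pays our wallet nothing.
EVENTS = [
    ("mempool", Tx("aa01", frozenset({"f00d:0"}), 50_000)),
    ("mempool", Tx("bb02", frozenset({"f00d:0"}), 0)),
    ("block",   Tx("bb02", frozenset({"f00d:0"}), 0)),
    ("mempool", Tx("cc03", frozenset({"beef:1"}), 20_000)),
    ("block",   Tx("cc03", frozenset({"beef:1"}), 20_000)),
]

def naive_balance(events):
    """Flawed accounting: credit a transaction on first sight, never revisit it."""
    seen, balance = set(), 0
    for _, tx in events:
        if tx.txid not in seen:
            seen.add(tx.txid)
            balance += tx.to_wallet
    return balance

def safe_balances(events):
    """Return (confirmed, pending) in satoshis; replaced pending txs are evicted."""
    pending, confirmed = {}, 0
    for source, tx in events:
        # A different transaction spending the same outpoint means the earlier
        # pending one was replaced or double-spent and can no longer confirm.
        replaced = [t for t, p in pending.items()
                    if t != tx.txid and p.spends & tx.spends]
        for txid in replaced:
            del pending[txid]
        if source == "block":
            pending.pop(tx.txid, None)
            confirmed += tx.to_wallet   # only confirmed funds count as spendable
        else:
            pending[tx.txid] = tx       # shown to the user as "pending", not as balance
    return confirmed, sum(p.to_wallet for p in pending.values())
```

On the constructed stream the naive total keeps the 50,000 satoshis from the replaced payment, while the second function reports them as pending only until the conflicting transaction appears.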

ZenGo discovered the vulnerability in BRD, Ledger, and Edge about 90 days ago. Both BRD and Ledger have handed over bug bounty rewards to the startup. BRD has released a fix while Edge and Ledger are working on a fix.


Sherlock Gomes loves to write and express his views on anything related to Crypto. He has been covering Crypto for more than two years now. He likes Bitcoin and Cardano. He also writes on Finance, Healthcare, and Technology among other stuff. He can be reached by e-mail on