Kataryna Kovtun July 14, 2020
A team of experts from ZenGo discovered a “BigSpender” bug in many cryptocurrency wallets such as Ledger Live, Edge, BreadWallet. The error allows hackers to steal cryptocurrency.
Some wallets have a feature that allows users to replace an outgoing, unconfirmed transaction with a new one, but with a different fee. Due to this feature, holders could pay miners a higher amount for cryptocurrency transfer, so that they quickly confirm the operation. At the same time, it has become a loophole for hackers.
A bug in applications for storing digital assets allows criminals to replace unconfirmed transactions with their own and make user wallets malfunctioning.
How exactly hackers steal cryptocurrency?
To steal cryptocurrency, they must first replace the transaction with another, but with an extremely low commission. This will guarantee that the cryptocurrency transfer does not receive confirmation. Then, the hackers replace the standby transaction with their own, leading to a wallet controlled by them. As a result, the money goes to criminals, but the user’s application shows that the coins were allegedly delivered.
A bug gives hackers another opportunity. They can spam a user’s address with a lot of fake transactions so that a critical discrepancy appears between the real and the displayed balance. As a result, the wallet will be impossible to use. It is clarified that the Breadwallet and Ledger Live applications have already fixed the vulnerability.
On July 13, hackers broke into the cryptocurrency wallet of the Indian cryptocurrency exchange Cashaa and withdrew 336 bitcoins worth $ 3.1 million from it. The company reported the incident to the Department of Investigation of Cybercrime of the Delhi Police and other trading floors.
The BitXmi team advises all traders to keep cryptocurrencies in safe places. We offer safe and secure storage of your assets in the cold wallets of the Bitxmi exchange. Follow the link, register, and start your cryptocurrency wallet.
Join Bitxmi Exchange and get $10 worth of BXMI token after your first trade