In brief

  • ZenGo discovered vulnerability to double-spending attacks in crypto wallets Ledger Live, Bread and Edge.
  • The wallets reportedly did not account for a potential cancellation of transactions.
  • Ledger’s chief technology officer argued that the exploit is more of a “clever piece of trickery” rather than a vulnerability.

Developers of keyless cryptocurrency wallet ZenGo today published a report detailing a vulnerability to double-spending attacks, dubbed “BigSpender,” they discovered in wallets such as Ledger Live, Bread (BRD), and Edge. In the worst-case scenario, the exploit could have made users’ funds unusable.

While the issue has been partly addressed by now, some of the aforementioned wallets still remain somewhat vulnerable.

Double-spending is a potential exploit in cryptocurrencies that allows malicious actors to spend the same coins two or more times. To do this, fraudsters can send a transaction with a minimum fee and then immediately override it by increasing the fee (so miners will be incentivized to verify the more profitable new transaction first) and redirecting funds to a different address.

According to ZenGo’s report, Ledger and Bread wallets did not account for a potential cancellation of a transaction at the time of testing. Furthermore, they just visually deposited additional funds to user balances without waiting for a confirmation.

“The core issue at the heart of the BigSpender vulnerability is that vulnerable wallets are not prepared for the option that a transaction might be canceled and implicitly assume it will get confirmed eventually,” the researchers explained.

In Ledger’s case, the issue reportedly was resolved by clearing the cache and forcing a network resynchronization. For Bread, recovery from this situation could have been “actually very hard.”

“This leaves the user with the option to migrate its seed from Bread to another wallet. Given that Bread has a non-standard HD derivation of key pairs from a seed, this is probably not easy, requiring some expertise from a user and possibly external tools,” ZenGo explained.

The report noted that the issue with Edge wallet was more subtle as its balance increased only once for a series of pending transactions—and was resolved by clicking “Resync” in the options menu.

In some instances, the exploit, dubbed “BigSpender,” could make it impossible for users to fully withdraw their balance since part of it just doesn’t exist, resulting in failed transactions. In more severe cases, such as intentional double-spending DDoS attacks on a wallet, its owners won’t be able to withdraw any funds at all.

“In some of the vulnerable wallets, this attack is hard (or even impossible) to recover from. Even reinstalling the wallet does not cause it to re-synchronize with the Bitcoin network and show the right balance. If no recovery is possible, the denial-of-service attack becomes permanent,” ZenGo cautioned.

Exploit or plain trickery?

The company said that it notified the developers of vulnerable wallets 90 days prior to going public with the report, but only some of them decided to fully fix the vulnerability.

According to ZenGo, Bread wallet fixed it in version 4.3 for iOS and Android. In its turn, Ledger “acknowledged the exploit, fixed some aspects (only the amplified variant) of the attack in 2.6,” but “other variants are not fixed yet.” Edge also acknowledged the vulnerability and plans “to fix it in the future,” said ZenGo.

Speaking to Decrypt, Ledger’s chief technology officer Charles Guillemet confirmed that ZenGo warned his company about the exploit, but argued that “BigSpender” is more of a “clever piece of trickery” rather than a vulnerability in the traditional sense.

“It’s important to understand that rather than vulnerability, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. But we do want to prevent anyone from falling victim to these kinds of clever schemes,” Guillemet told Decrypt, adding that Ledger will be “releasing an update to our software, Ledger Live, where a banner will appear anytime an incoming transaction has yet to be confirmed.”

He also stated that Ledger’s hardware wallets are “unaffected by this flaw in the user interface.”

Decrypt similarly reached out to Bread and Edge but received no replies at the time of writing.