A newly-disclosed flaw found in several popular Bitcoin wallets could let attackers trick users into thinking they got paid

Quick Take

  • Wallet service ZenGo says it discovered a flaw in popular wallet services that made it possible for attackers to dupe users into thinking they had received bitcoin when they hadn’t.
  • All three vendors named in the report — Ledger, BRD, and Edge — confirmed that they are aware of the issue and have addressed it. Each pushed back on the idea that attackers can use it to “double spend” bitcoin, however, as ZenGo contended in its findings.

A newly-disclosed flaw in the user interfaces of popular wallet services Ledger Live, BRD, and Edge made it possible for attackers to trick users into thinking they had received bitcoin when they hadn't, according to a new report from ZenGo, also a wallet service.

ZenGo made the relevant vendors aware of its findings and agreed to keep them confidential for 90 days as part of a formal disclosure process. The 90-day period expired July 1. ZenGo has characterized the attack as a "double spend vulnerability" — a contention that each of the wallet providers pushed back on when contacted.

The issue apparently stems from a Bitcoin feature called Replace-by-Fee. Put simply, the feature lets users replace a transaction that is still waiting to be confirmed with another transaction that uses the same coin but adds a higher transaction fee. This can help if a transaction is stuck in the mempool, the waiting area for unconfirmed transactions. A higher fee will theoretically entice miners to confirm it faster.

According to ZenGo, due to the way that the vulnerable wallets had been designed, it was possible for an attacker to exploit Replace-by-Fee to trick a victim (a merchant, for example) into providing the good or service while the transaction that is supposed to pay them is still pending — only to cancel the transaction before the network confirms it. Hackers can do this repeatedly, according to the ZenGo team, which has named the vulnerability "BigSpender."

Generally, a Bitcoin transaction is considered pending until a number of additional blocks have been confirmed on top of the block in which the transaction resides. 

The issue the ZenGo team discovered mostly pertains to the user interface. The more vulnerable wallets are those that don't make clear to the user that a transaction is still pending or has been canceled, instead prematurely updating the user's balance to make it seem like the new payment is there, Tal Be'ery, ZenGo's security research manager, told The Block in an interview.

The bug also exposes users to a kind of denial-of-service attack, which can result from the wallet "miscalculating" the balance, according to ZenGo's report.
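
An added illustration of the balance handling described above, not code from ZenGo's report or from any of the named wallets: a wallet that credits every transaction it sees, beside one that reports pending funds separately and drops an unconfirmed payment once a conflicting transaction spends the same input. The class names, the `MIN_CONF` threshold and the sample feed are assumptions constructed for the example, and the wallet's backend is assumed to report conflicting transactions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset        # outpoints this transaction spends
    to_wallet: int           # satoshis paid to our wallet
    confirmations: int = 0   # 0 = still in the mempool

class NaiveWallet:
    """Credits every transaction it has seen and never drops one."""
    def __init__(self):
        self.txs = {}
    def on_seen(self, tx):
        self.txs[tx.txid] = tx
    def balance(self):
        return sum(t.to_wallet for t in self.txs.values())

class ConflictAwareWallet(NaiveWallet):
    """Reports pending funds separately and drops replaced transactions."""
    MIN_CONF = 1  # assumed threshold; a merchant may require more
    def on_seen(self, tx):
        for old in list(self.txs.values()):
            if old.txid != tx.txid and old.inputs & tx.inputs:
                if old.confirmations >= self.MIN_CONF:
                    return              # loses to an already confirmed spend
                del self.txs[old.txid]  # unconfirmed and replaced: forget it
        self.txs[tx.txid] = tx
    def balance(self):
        return sum(t.to_wallet for t in self.txs.values()
                   if t.confirmations >= self.MIN_CONF)
    def pending(self):
        return sum(t.to_wallet for t in self.txs.values()
                   if t.confirmations < self.MIN_CONF)

# Constructed sample feed: two payments that are later replaced, one genuine one.
EVENTS = [
    Tx("pay-1", frozenset({"aa:0"}), 50_000),
    Tx("rep-1", frozenset({"aa:0"}), 0, confirmations=1),
    Tx("pay-2", frozenset({"bb:1"}), 50_000),
    Tx("rep-2", frozenset({"bb:1"}), 0, confirmations=1),
    Tx("real", frozenset({"cc:0"}), 20_000, confirmations=3),
]

def replay(wallet, events=EVENTS):
    """Feed the events to a wallet and return the balance it would display."""
    for tx in events:
        wallet.on_seen(tx)
    return wallet.balance()
```

On this feed the naive wallet keeps counting both replaced payments, while the conflict-aware wallet shows only the confirmed one.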

According to Be'ery, his team "stumbled across" the bug while experimenting with Replace-by-Fee for its own wallet R&D. "We are not going around looking for vulnerabilities in other wallets," he said.

In some ways, the described attack is akin to a race attack, which is also based on trickery involving unconfirmed transactions. In that case, the attacker tries to trick a merchant into providing a good or service for free by broadcasting two simultaneous transactions — one to the merchant and one to another wallet. The goal is to get miners to confirm the second transaction first, thereby preventing the merchant from getting paid via the other one. A race attack is considered a type of double spend attack.

Once they became aware of the "BigSpender" vulnerability, Be'ery and his colleagues decided to see if it existed in other wallets. He says they found that Ledger Live, BRD, and Edge had not implemented Replace-by-Fee "correctly."


All three of the wallet providers implicated in ZenGo's report confirmed to The Block that ZenGo had contacted them about potential risks related to Replace-by-Fee. But they all pushed back on the use of "double spend" — which technically refers to an attack in which someone spends the same bitcoins more than once — to describe the potential exploit.

"Double spend was never successfully demonstrated in any of the communications with ZenGo," Samuel Sutch, BRD's CTO, told The Block in an email. Sutch said that in BRD's wallet, the flaw manifested as a denial of service attack that "allowed a compromised payment endpoint to potentially deny a user access to funds in their wallet for up to a few days."

Sutch said that although the attack "was only possible in contrived scenarios," BRD has fixed the bug and paid ZenGo a bug bounty for responsibly disclosing it.

Charles Guillemet, CTO of Ledger, called the issue "just a simple UX bug," adding that the potential exploit is more like "a clever piece of trickery." Nonetheless, Ledger Live has released an update that will include a warning about pending transactions and a new banner that flags to the user when a given incoming transaction is still waiting to be confirmed, he said.

Ledger also paid a "very small" bounty to ZenGo "as we do all bug bounty participants," Guillemet said, adding: "We want to stress that our hardware wallets are unaffected by this flaw in the user interface, and users' funds are safe."

In the case of Edge, meanwhile, the issue was "more subtle," according to ZenGo. In some cases, the wallet can miscalculate the user's balance, but the issue can be resolved by clicking a button to "resync" the wallet.

Paul Puey, CEO and co-founder of Edge, told The Block in an email that ZenGo had made his company aware of "a general concern regarding (Replace-by-Fee) transactions." Puey also shared his response to the ZenGo team, in which he said that Edge wallet makes it "very obvious" that a user's transaction is pending.

Puey also noted in the response that Edge was working on a fix for an issue in which the wallet fails to drop pending transactions even when they've been dropped from the network. "In the meantime, a user needs to resync the wallet to remove the transaction," he said.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Mike is a Senior Editor at The Block. Previously he was a senior reporter at MIT Technology Review, where he covered a range of topics from solar cells to smart contracts.