According to PR Newswire, the team at ZenGo wallet has become aware of a major bug that can potentially allow cyber criminals to steal crypto from major wallets: BigSpender.
The bug works by using the "replace-by-fee" (RBF) feature, in which an unconfirmed crypto transfer can be swapped with a transaction with a higher fee to speed up the process.
The feature was initially introduced to wallets as a way of avoiding time-consuming confirmations by paying a higher fee.
Now, the article states, hackers can steal crypto from wallets by sending a transaction with a low fee, which will definitely not be confirmed, and then using RBF to push the owner’s coins to a third-party wallet.
Cyber criminals can also use the wallet feature to send several fake transactions at once and then change their route before confirmation.
However, the good news is that Bread Wallet and Ledger Live have taken measures to prevent these attacks and have released the necessary software updates.
Vladislav Sopov