Ledger Crypto Wallet Claims Purported Vulnerability Is User Experience Flaw

Leading crypto hardware wallet producer Ledger has denied that its product’s transaction management software featured a double-spend vulnerability.

According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is, in fact, nothing more than a user experience flaw. He described the nature of the issue in Ledger Live, the hardware wallet's companion software, to Cointelegraph:

“It’s important to understand that rather than an attack, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever schemes. […] It’s just a UX issue that could be used by a dishonest product buyer.”

The claims aren’t new

ZenGo’s claims are closely related to those released by Bitcoin Cash (BCH)-focused firm BitcoinBCH at the end of 2019. At the time, the firm’s CEO Hayden Otto explained in a video how a Bitcoin (BTC) point-of-sale solution misled retailers into believing non-confirmed transactions were final and accepting them.

Like BitcoinBCH, ZenGo noted that Bitcoin’s replace-by-fee (RBF) feature can easily allow users to replace an unconfirmed transaction with a new one that has a different target address and a higher fee. It is worth noting that this feature only makes it easier to leverage the non-finality of unconfirmed transactions, something that is harder, but still possible, without RBF.

Furthermore, ZenGo’s report also points out that RBF “does not introduce any new vulnerabilities in itself” and instead “it explicitly puts the responsibility on wallet applications and users’ to identify unconfirmed transactions as unsafe.” This is confirmed by Guillemet:

“We want to thank ZenGo for having responsibly disclosed this issue to us. […] We do want to prevent anyone from falling victim to these kinds of clever schemes. A way to prevent this is of course to make sure that any transaction is first confirmed. Ledger Live is releasing an update on July 2nd. A warning is now displayed on pending transactions.”

ZenGo said that it was awarded a bug bounty for bringing attention to the issue.
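
The wallet-side check discussed above (treat every unconfirmed transaction as non-final and warn on it) can be sketched as follows. This is an added example, not Ledger's or ZenGo's code: the `IncomingTx` record, the status strings and the sample data are assumptions made for illustration, while the nSequence threshold is the explicit signaling rule from BIP125.

```python
from dataclasses import dataclass
from typing import List

# BIP125: a transaction explicitly signals replaceability when any of its
# inputs has an nSequence value below 0xfffffffe.
BIP125_SIGNAL_BELOW = 0xFFFFFFFE


@dataclass
class IncomingTx:
    """Hypothetical wallet-side record of a received transaction."""
    txid: str
    amount_sat: int
    confirmations: int
    input_sequences: List[int]


def signals_rbf(tx: IncomingTx) -> bool:
    # Explicit signaling only; inherited signaling through unconfirmed
    # ancestors would also require inspecting the ancestor set.
    return any(seq < BIP125_SIGNAL_BELOW for seq in tx.input_sequences)


def display_status(tx: IncomingTx, required_confirmations: int = 1) -> str:
    if tx.confirmations >= required_confirmations:
        return "confirmed"
    # Unconfirmed is never final, with or without RBF; the flag only
    # tells the user how easy a replacement is.
    return "pending-replaceable" if signals_rbf(tx) else "pending"


def settled_total(txs: List[IncomingTx], required_confirmations: int = 1) -> int:
    # Only confirmed amounts count toward the total shown as received.
    return sum(t.amount_sat for t in txs
               if display_status(t, required_confirmations) == "confirmed")


# Constructed sample data (txids are placeholders, not real transactions).
SAMPLE = [
    IncomingTx("tx-a", 50_000, 3, [0xFFFFFFFF]),
    IncomingTx("tx-b", 20_000, 0, [0xFFFFFFFD]),
    IncomingTx("tx-c", 10_000, 0, [0xFFFFFFFF, 0xFFFFFFFE]),
]

if __name__ == "__main__":
    for tx in SAMPLE:
        print(tx.txid, display_status(tx))
    print("settled (sat):", settled_total(SAMPLE))
```

A merchant or point-of-sale integration would raise `required_confirmations` according to the value at risk.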