Ledger’s chief technology officer Charles Guillemet said that the recently revealed vulnerability is nothing more than a user experience flaw.
Leading crypto hardware wallet producer Ledger has denied that its product’s transaction management software featured a double-spend vulnerability.
According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is, in fact, nothing more than a user experience flaw. He illustrated the nature of its hardware wallet companion software Ledger Live to Cointelegraph:
“It’s important to understand that rather than an attack, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever schemes. [...] It’s just a UX issue that could be used by a dishonest product buyer.”
The claims are not new
ZenGo’s claims are closely related to those released by Bitcoin Cash (BCH)-focused firm BitcoinBCH at the end of 2019. At the time, the firm’s CEO Hayden Otto explained in a video how a Bitcoin (BTC) point-of-sale solution misled merchants into believing non-confirmed transactions were final and accepting them.
Like BitcoinBCH, ZenGo noted that Bitcoin’s replace-by-fee (RBF) feature can easily allow users to replace an unconfirmed transaction with a new one that pays a higher fee and has a different target address. It is worth noting that this feature only makes it easier to leverage the non-finality of unconfirmed transactions, which is harder but still possible to exploit without RBF.
Furthermore, ZenGo’s report also points out that RBF “does not introduce any new vulnerabilities in itself” and instead “it explicitly puts the responsibility on wallet applications and users” to identify unconfirmed transactions as unsafe. This is confirmed by Guillemet:
“We want to thank ZenGo for having responsibly disclosed this issue to us. [...] We do want to prevent anyone from falling victim to these kinds of clever schemes. A way to prevent this is of course to make sure that any transaction is first confirmed. Ledger Live is releasing an update on July 2nd. A warning is now displayed on pending transactions.”
ZenGo said that it was awarded a bug bounty for bringing attention to the issue.
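The wallet-side check described above (label every unconfirmed payment as unsafe, and flag the ones that signal replaceability), as an added example that is not taken from the article, ZenGo's report or Ledger Live. It assumes the BIP125 opt-in rule, under which a transaction signals RBF when any input has nSequence of 0xFFFFFFFD or lower; the function names and the sample transaction are constructed for illustration, and inherited signaling from unconfirmed ancestors is not checked.

```python
import struct

# BIP125: any input with nSequence <= this value signals replaceability.
MAX_BIP125_RBF_SEQUENCE = 0xFFFFFFFD

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def input_sequences(raw_tx):
    """Return the nSequence of every input of a serialized transaction."""
    pos = 4  # skip the 4-byte version
    if raw_tx[pos:pos + 2] == b"\x00\x01":  # segwit marker + flag
        pos += 2
    n_inputs, pos = read_varint(raw_tx, pos)
    sequences = []
    for _ in range(n_inputs):
        pos += 36  # previous txid (32 bytes) + output index (4 bytes)
        script_len, pos = read_varint(raw_tx, pos)
        pos += script_len  # skip scriptSig
        sequences.append(struct.unpack_from("<I", raw_tx, pos)[0])
        pos += 4
    return sequences

def payment_status(raw_tx, confirmations):
    """Label an incoming payment the way a wallet UI could (hypothetical helper)."""
    if confirmations >= 1:
        return "confirmed"
    if any(s <= MAX_BIP125_RBF_SEQUENCE for s in input_sequences(raw_tx)):
        return "pending: replaceable (RBF signaled), do not treat as paid"
    # Without the RBF signal the payment is still not final.
    return "pending: unconfirmed, do not treat as paid"

def sample_tx(sequence):
    """Constructed one-input, one-output legacy transaction (not a real one)."""
    tx_in = bytes(32) + struct.pack("<I", 0) + b"\x00" + struct.pack("<I", sequence)
    tx_out = struct.pack("<Q", 50_000) + b"\x01\x51"  # 50,000 sat, 1-byte script
    return struct.pack("<I", 2) + b"\x01" + tx_in + b"\x01" + tx_out + struct.pack("<I", 0)

if __name__ == "__main__":
    for seq in (0xFFFFFFFD, 0xFFFFFFFF):
        print(hex(seq), "->", payment_status(sample_tx(seq), confirmations=0))
```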