A bug in the Segwit protocol could play into the hands of potential attackers who are targetinghardware cryptocurrency wallets.
Bitcoin Segwit protocol update stillcarries the threat of blocking funds for hardware wallets even despite updates being released. Bitcoin Core developer Luke Junior came to this opinion.
An exploit discovered three months agostill poses a risk for hardware wallets like Trezor. The detected bug changes the values for transactions, as a result of which the actual amount for transfer is swapped with the amount intended to pay the commission.
Thus, in case of sending 20 BTC with a totalcommission ~ 0.00000001 BTC, the attacker can swap the amounts, as a result of which the user already spends 20 BTC on commission costs, and the actual transaction amount is 0.00000001 BTC.
What is the probability?
However, as Trezor notes, to carry out such an attack, the attacker must be a Bitcoin miner and verify exactly the block in which the 20 BTC transaction would be included.
Despite the fact that the likelihood of such a coincidence is small, the crypto developers community is concerned about the detected bug.
Things are much worse for Trezor owners using a cold wallet for BTCPay Server or Wasabi services.
After the update released in Trezor, which was supposed to solve the issue with substitution fees, users may completely lose their funds when using BTCPay Server, Wasabi or HWI.
The transaction will simply get stuck until a new software firmware is released, explains Wasabi Wallet developer @nopara73 on his Twitter page.
If you are using Trezor with Wasabi pleasedon’t upgrade your firmware until compatibility issues are resolved, otherwise your funds will get stuck until support of new firmware comes out. https://t.co/zrA5ml2kBL
- nopara73 (@ nopara73) June 5, 2020
Wasabi and BTCPay urge users not to update their cryptocurrency wallets until the compatibility problems between updating the firmware and their software are resolved.
Previously the research department of the crypto exchangeKraken has discovered an exploit that allows you to hack a Trezor wallet in just 15 minutes, although this requires physical access to the device. Using this cyber attack technology, Trezor One and Trezor Model T wallets can be hacked.
What do you think is the likelihood of using such an attack against cryptocurrency owners? Share your thoughts with us in the comments.
</p>Rate this publication
Read this:
Kraken experts managed to extract a seed phrase from Trezor Bitcoin wallet in 15 minutes
Kraken Security Labs discovered vulnerability in Trezor hardware wallet
Casa introduced a new version of hardware bitcoin nodes with support for BTCPay Server
Ledger hardware wallets support Algorand
Found a new way to measure gravity using pairs of atoms
An effective way to convert brewery grain waste to fuel found