Using BigSpender bug, fraudsters can replace unconfirmed transactions and disable users' crypto wallets.
The issue has been seen with Breadwallet, Ledger Live and Edge wallets. Some of them have the function of replacing an unconfirmed outgoing transaction with a new one. The commission for such payments will be higher, but confirmation of the operation will come faster. This feature has become a loophole for hackers.
The theft of bitcoins and other coins is carried out by replacing the transaction with another, and the commission for it is significantly lower than the initial one. In this case, the payment remains without confirmation.
The hackers then replace the pending transaction with their own, which sends funds to their wallet. Users see a report on the delivery of coins, while the money goes to scammers.
Also, using a bug, hackers can send information about many fake transactions to the sender's email, as a result of which the real balance and the displayed amount do not match, and the crypto wallet will become unusable.
However, it has already become known that the cryptocurrency applications Ledger Live and Breadwallet have fixed bugs. On July 13, the attackers managed to hack the wallet of the Indian cryptocurrency exchange Cashaa. As a result, bitcoins were stolen, the amount of which in dollar terms was 3.1 million.