2 July 2020: Incorrect BTC balance in Ledger Live with RBF UTXOs
Bitcoin’s Replace-By-Fee RBF enables Bitcoin users to replace an unconfirmed transaction in a mempool with a different transaction. The Ledger Live software increases the user’s balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is cancelled.
Attackers can trick a victim into thinking that a Bitcoin transaction is confirmed while it isn’t.
Several attack scenarios are conceivable, all relying on an invalid balance displayed by Ledger Live.
Attackers can abuse this problem by sending their victim a transaction of a big value but with minimal fees. While the transaction will be pending for a long time because of the minimal fees, the transaction can be cancelled by the attacker. However the transaction will still be displayed as confirmed by Ledger Live. Users might eventually believe a payment was received while it isn’t the case.
The send max feature might also be blocked by this attack if the balance computed by Ledger Live is higher than the actual balance.
Details of suspicious transactions can be reviewed on blockchain explorer websites, which will be marked as unconfirmed.
The remediation of this vulnerability involves fixes in various components of Ledger stack: Ledger Live Desktop (PR 3031, PR 3033), Ledger Live Mobile (PR 1310), Ledger Live Common (PR 758), Ledger Core Library (PR 603, PR 606).
For end-users, the vulnerability is fixed from Ledger Live version 2.7.0.
We would like to thank the security researchers Tal Be’ery and Oded Leiba from Zengo, who discovered the vulnerabilities and reported them through our bug bounty program.
- Replace-by-fee (RBF)
- LL-2601 Add a warning when we have txs pending confirmation #3031
- LL-2602 Add a warning when we have txs pending #1310
- Add Send Bitcoin advanced options #3033
- Bitcoin model to include some coin control features #758
- Fix synchronization for RBF transaction #603
- Add a method in BTC outputs to know if the output could be replaced (RBF) #606