Bug in #Segwit, which can be a security vulnerability for hardware wallets and similar.
#Bitcoin isn't vulnerable itself, but users of Segwit wallets should ensure they upgrade if affected, before *sending* any new transactions.
(The solution is to not use a new technical-internals feature Segwit introduced.)
The severity of this may be exaggerated:
Since this vulnerability can only be exploited by tricking the user into signing twice, there's a fundamental unfixable attack here anyway:
If they can trick you into signing twice, they can probably also get you to send the full amount twice too.
@lukedashjr Any Bitcoin Core versions affected?
@kekcoin It shouldn't affect the built-in wallet.
I'm not 100% clear on if it affects the PSBT RPCs, or not.
@lukedashjr I wonder if Ledger's series of hardware is impacted.
@TallTim I haven't seen an answer to that yet. :/
@lukedashjr Fair enough, I'll check it out to see if they have some kind of announcement.
@lukedashjr It may have been addressed by Ledger in a recent update -- https://www.reddit.com/r/ledgerwallet/comments/gwzyln/segwit_vulnerability_hardware_wallets_concerns/
@lukedashjr Here's the update posted by Ledger themselves -- https://support.ledger.com/hc/en-us/articles/360014191540-Massive-transaction-fees-in-BTC-and-BTC-based-apps