in

Bitcoin Segwit bug fix could lock wallet users out of their funds

A bug in Bitcoin transactions protocol Segwit could be exploited to trick hardware wallet users into sending their Bitcoin to the wrong address.

Czech-based Bitcoin hardware wallet Trezor released a firmware update two days ago. The patch was in response to a potential exploit for wallets that use the Segwit protocola transaction fix that enables cheaper and less data-heavy Bitcoin transactions.

But even though Trezor patched their wallet, it’s still causing problems for Trezor users who rely on the wallet to interact with other Bitcoin-related software, like the privacy-focused Wasabi wallet and Bitcoin tech-stack BTCPay.

Given the way the vulnerability has been patched, Trezor users who make the update and use Trezor with Wasabi and/or BTCPay will be locked out of their funds. Wasabi and BTCPay are urging users to not update until the compatibility issues between the firmware update and their software are resolved.

The Vulnerability

Prolific independent hacker Saleem Rashid discovered the exploit (his latest of many Bitcoin hardware/software bug finds) some three months ago and disclosed it to major hardware wallet manufacturers including Trezor and Ledger. With a firmware update available for download, Trezor rectified the vulnerability on its end.

But this vulnerability, which developers told Decrypt would be difficult to exploit, has Trezor in the spotlight because of its popularity with third-party wallet integrations (e.g., the hardware wallet can connect to popular privacy wallet Wasabi and Bitcoin payment portal BTCPay Server).

The actual bug, which is more-or-less severe than others in the past depending on the hardware wallet and software wallet developers, opens the following attack vectors according to Trezor:

A Bitcoin user running Segwit downloads a specific malware from an attacker. The victim then begins a transaction with two “inputs” (i.e., parts): one input is for 10 BTC and another is for 5.0001 BTC, so the transaction total is 15 BTC for a 0.0001 fee. Upon confirming the transaction, the user is met with an error message asking them to sign again. The attacker then switches the transaction inputs, so that one input is for 15 BTC and the other is for 0.0001.

With this switch, now the 15 BTC is the transaction fee and the 0.0001 BTC is the transaction. But, for this to pay off, the attacker has to be a miner who also happens to be mining the block that the transaction is included in. The victim must also be spending a transaction with more than one input and download the miner’s malware. In other words, a whole lot needs to go right for this to work.

ColdCard hardware wallet manufacturer NVK, who was not informed of the vulnerability, mentioned that the “severity is low” for the attack, adding that updating hardware wallets may “break hardware wallet interaction” with other wallet software.

This attack would require malware on the computer or some other means to change the transaction before signing. And also requires the attacker to be a miner to get the payout. Severity is low, updates would break HWI interop and maybe break Core too.

— NVK┗(°0◜)┛..○₿ (@nvk) June 3, 2020

Potential hyperbole aside, Trezor said that it’s keeping the fix simple. Trezor CEO Pavol Rusnak explained in a statement: “The fix is straightforward—we need to deal with Segwit transactions in the very same manner as we do with non-Segwit transactions,” which involves the wallet checking and re-validating all of its previous transactions before sending new ones.

Collateral Damage

Still, if the fix is an easy one for Trezor to make, that doesn’t mean it solves the problem completely for Trezor users who rely on the wallet to interact with other software.

The fix, for instance (having Segwit wallets check and re-validate old transactions), doesn’t work with some “third-party tools.” 

“Trezor will not be able to sign transactions using these tools until they are updated to work correctly. Due to the responsible disclosure process, we were not able to inform the maintainers beforehand,” the company’s post stated.

One of these affected parties is the privacy-focused Wasabi wallet, which integrated with Trezor last year. It’s founder Adam Fiscor, for instance, announced on Twitter that Wasabi users should not update their firmware until “compatibility issues” are sorted out.

If you are using Trezor with Wasabi please don’t upgrade your firmware until compatibility issues are resolved, otherwise your funds will get stuck until support of new firmware comes out. https://t.co/zrA5ml2kBL

— nopara73 (@nopara73) June 5, 2020

Fiscor told Decrypt over email that, in his opinion, “the consequences of the firmware update that Trezor users are locked out of [Wasab] wallet is more problematic than the attack itself,” and while he agrees “with NVK’s assessment,” he doesn’t blame Trezor “for being overly cautious.”

Nicolas Dorier, founder and head of the open-source BTCPay Server, told Decrypt that he wished Trezor offered “a transition period of 1-2 months so users have time to migrate their funds.”

BTCPay Server is a decentralized Bitcoin payment processor that includes added features like the Lightning network and, as of last year, hardware wallet integration with Trezor.

Dorier said that his service would likely need to drop support for Trezor and hardware wallets that require the transaction checking scheme because BTCPay Server users do not store all the blockchain’s data; they run so-called “pruned” nodes which only store as much data as is needed to use the BTCPay’s services with the Bitcoin network (this makes it quicker and easier to download and run BTCPay).

1/ If you use Trezor and updated the firmware, you won’t be able to get the money out of your Trezor via BTCPay Server anymore. We can’t fix the issue as we don’t have the data Trezor will request. (no transaction index)https://t.co/FIJOTiIHuD

— BTCPay Server (@BtcpayServer) June 4, 2020

So like Wasabi, BTCPay is urging its users to not update, lest their funds get locked into the service. As long as users are running an older version of Trezor, they should have no problems removing them. They could also restore their wallets from their seed phrase (the backup phrase that acts like a master key to a wallet in the event it is corrupted or lost) either on another, un-patched hardware wallet or as a new wallet on their BTCPay instance. 

For now, Trezor users on Wasabi and BTCPay are advised to sit tight and move their funds before they update.

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

Coinbase wants to identify Bitcoin users for DEA, IRS

Bitcoin Segwit bug fix could lock wallet users out of their funds