UniSat Marketplace, a browser wallet for Ordinals and BRC-20 tokens, has been hit by a double-spend attack due to a vulnerability in the code base, resulting in the immediate shutdown of the extension. The attack was noticed by the project team, who then reported the issue on Twitter.
UniSat Marketplace Hit by Double-Spend Attack
UniSat Marketplace has been recently launched, and it has already experienced numerous double-cost attacks. The vulnerability in the codebase allowed criminals to exploit the system, leading to the attack. The project team has modeled various approaches to double-cost attacks and made improvements and enhancements to the code during testing last week. However, some issues were discovered in the initial public version, which prompted the immediate shutdown of the wallet.
Double-Spend Attack Explained
A double-spend attack is a type of illegal blockchain technique that allows criminals to try and spend the same coins multiple times. This type of attack is usually carried out on decentralized systems, such as blockchain, where there is no central authority to control transactions.
Ordinals Protocol and Records
Ordinals is an innovative protocol that allows the creation of records on the underlying Bitcoin blockchain. Tokens are tied to a specific satoshi and added to the blockchain. Ordinals are digital artifacts that carry data in various formats, such as text, JPEG images, PDF, video, and audio.
On the other hand, BRC-20 standard uses records to deploy token contracts and transfer them. Earlier, the Ordinals protocol encountered code errors that prevented the validation of 1200 records. The issue was with the protocol indexer function, which took into account only those records in the first incoming transaction request sent before version 0.5.1 of the protocol.
Developers React to the Vulnerability
The developers of UniSat Marketplace responded quickly to the vulnerability, shutting down the wallet and reporting the issue on Twitter. They also confirmed that they were working on a solution to the problem and that the safety of user funds was their top priority.
Conclusion
The vulnerability in the UniSat Marketplace allowed criminals to exploit the system, leading to a double-spend attack. The incident highlights the importance of conducting thorough testing and auditing of code before deploying it to the public. The developers’ swift response to the issue is commendable, and they are working towards finding a solution to the problem. In the meantime, users are advised to be cautious when using the UniSat Marketplace wallet.
