https://decrypt.co/31463/bitcoin-segwit-bug-fix-could-lock-wallet-users-out-fundsA Bitcoin user running Segwit downloads a specific malware from an attacker. The victim then begins a transaction with two “inputs” (i.e., parts): one input is for 10 BTC and another is for 5.0001 BTC, so the transaction total is 15 BTC for a 0.0001 fee. Upon confirming the transaction, the user is met with an error message asking them to sign again. The attacker then switches the transaction inputs, so that one input is for 15 BTC and the other is for 0.0001.
With this switch, now the 15 BTC is the transaction fee and the 0.0001 BTC is the transaction. But, for this to pay off, the attacker has to be a miner who also happens to be mining the block that the transaction is included in. The victim must also be spending a transaction with more than one input and download the miner’s malware. In other words, a whole lot needs to go right for this to work.
D.h., dass der Angreifer erstmal den Rechner des Opfer mit Malware infiziert haben muss sodass er das Signieren der Transaktion manipulieren kann. Und dann muss der Angreifer derjenige sein, der auch den Block findet in welchem die manipulierte Transaktion landet um den Blockreward abzugreifen.
Viel ärgerlicher finde ich Folgendes:
https://blog.trezor.io/latest-firmware-updates-correct-possible-segwit-transaction-vulnerability-266df0d2860Unfortunately, some third-party tools like Electrum or PSBT-based tools like BTCPay Server and Wasabi Wallet do not allow Trezor to obtain the previous transaction in case of Segwit inputs, which is why Trezor will not be able to sign transactions using these tools until they are updated to work correctly. We are cooperating with these parties to fix the problem as we speak.
D.h. für mein Verständnis, dass alle Funds, welche einen Segwit-Input haben, für Electrum, BTCPay und Wasabi eingefroren sind, weil diese Tools die zu signierende Transaktion nicht verarbeiten können.