Originally published on: August 08, 2024
A groundbreaking discovery by security researchers has unveiled a new hacking method called the “Dark Skippy” that can extract private keys from Bitcoin hardware wallets with just two signed transactions. This vulnerability, named Dark Skippy, has the potential to impact all hardware wallet models if the attacker can lure the victim into downloading malicious firmware.
Previously, victims had to post numerous transactions to the blockchain for an attack to be successful. However, with the updated Dark Skippy method, even a couple of transactions are enough for the attacker to compromise the hardware wallet. Shockingly, this attack can occur even if the user relies on a separate device to generate seed words.
The disclosure report, authored by Lloyd Fournier, Nick Farrow, and Robin Linus, highlights how the hardware wallet’s firmware can embed seed words into low entropy secret nonces used to sign transactions. These signatures are then posted to the blockchain, where the attacker can identify and record them. By employing Pollard’s Kangaroo Algorithm, the attacker can compute the secret nonces from their public counterparts and derive the user’s full set of seed words.
To counter this threat, the report recommends that hardware wallet manufacturers implement stringent measures to prevent malicious firmware infiltration. These measures include secure boot, locked interfaces, reproducible and vendor-signed firmware builds, and other security features. Additionally, wallet owners are advised to store their devices securely in secret places, personal safes, or tamper-evident bags.
It’s crucial for wallet software to incorporate anti-exfiltration signing protocols to prevent hardware wallets from producing nonces independently. Bitcoin wallet vulnerabilities have historically led to significant losses for users, emphasizing the importance of staying vigilant and adopting robust security practices.
Stay informed about the latest developments in the cryptocurrency landscape by subscribing to the Markets Outlook newsletter. Receive valuable insights to identify investment opportunities, mitigate risks, and enhance your trading strategies every Monday. Join our community of informed investors to stay ahead of the curve.