‘Dark Skippy’ Method Can Steal Bitcoin Hardware Wallet Keys
Security researchers have discovered a new technique that hackers can use to extract private keys from Bitcoin hardware wallets, even with two signed transactions, and they've dubbed it “darkskippy.”
The vulnerability can affect all hardware wallet models — though only if an attacker tricks a victim into downloading malware.
An earlier version of the scheme required the victim to post “dozens” of transactions to the blockchain. But the new version of “Dark Skippy” can be done even if the victim posts only two transactions to the blockchain. In addition, the attack can be carried out even if the user relies on a different tool to generate the seed words.
The disclosure report was published on August 5 by Lloyd Fournier, Nick Farrow and Robin Linus. Fournier and Farrow are co-founders of hardware wallet maker FrostSnap, and Linus is a co-developer of the Bitcoin protocols ZeroSync and BitVM.
According to the report, hardware wallet firmware can be programmed to partially encode a user's seed words into “low-entropy secret nonces” that can be used to sign transactions. When transactions are verified, the resulting signatures are posted to the blockchain. The attacker can scan the blockchain to find and record these signatures.
The signatures found contained only “public opinion” and not their own racial words. However, an attacker can hack into Pollard's Kangaroo algorithm to successfully compute non-secrets from their public versions.
Pollard's Kangaroo Algorithm, by mathematician John M.
According to the researchers, a user's entire genealogy can be obtained with this method even if the user only extracts two signatures from their compromised device and the genealogy was generated by a different device.
RELATED: Major Wallet Vulnerability Revealed When User Recovers Barely 9 BTC
Earlier versions of the vulnerability had already been documented, the researchers said. However, these older versions rely on a much slower process that requires many more transactions to post on the blockchain. Even so, the researchers stopped short of calling DarkSkip a new vulnerability, saying instead that it's “a new way to exploit an existing vulnerability.”
To counter the threat, the report suggests hardware wallet manufacturers should take more precautions to prevent malware from getting into users' devices, such as “secure boot and a locked JTAG/SWD interface.” […] Reproducible and vendor signed firmware builds[,…] [and] Other security features.” Additionally, it suggests that wallet owners may want to employ mechanisms to secure their devices, including “secret slots, private vaults, or perhaps transparent wallets,” though the report says these practices can be “inconvenient.”
Another suggestion is for wallet software to use “anti-exfiltration” signature protocols that prevent the hardware wallet from producing anything on its own.
Bitcoin wallet vulnerabilities have caused huge losses to users in the past. In the year In August 2023, cyber security firm SlowMist reported that over $900,000 worth of bitcoins were stolen due to a flaw in the libbitcoin browser library. In November, Unciphered reported that $2.1 billion worth of bitcoins held in old wallets could be at risk of being leaked by attackers due to a flaw in the BitcoinJS wallet software.
Magazine: ‘Elon Musk in Bitcoin 2024' Scam, Lazarus Group Hack, MOG Phishing: Crypto-Sec