A new hacking method dubbed "Dark Skippy" has Bitcoin users on edge. It can steal private keys from hardware wallets with just two transactions. The vulnerability affects all hardware wallet models.
The catch? Attackers need victims to download dodgy firmware. But once in, it's game over.
Security researchers Lloyd Fournier, Nick Farrow, and Robin Linus spilled the beans on August 5. They're not your average Joes. Fournier and Farrow co-founded hardware wallet maker Frostsnap. Linus co-developed Bitcoin protocols ZeroSync and BitVM.
Here's the kicker: malicious firmware can hide bits of seed words in transaction signatures. These signatures hit the blockchain when transactions go through. Attackers then scan for these signatures.
But wait, there's more. The signatures only contain "public nonces," not the actual seed words. Clever hackers use Pollard's Kangaroo Algorithm to crack the code.
This math wizardry, courtesy of John M. Pollard, solves the discrete logarithm problem. It's a real head-scratcher for crypto nerds.
The researchers claim they can nab a user's full seed words with just two signatures. It doesn't matter if the seed words came from another device. Talk about a security nightmare.
This isn't totally new. Older versions used "nonce grinding," a slower method needing loads more transactions. But the researchers aren't calling "Dark Skippy" a brand-new threat.
So, what's the fix? Hardware wallet makers need to up their game. They suggest "secure boot and locked JTAG/SWD interfaces" and "reproducible and vendor signed firmware builds."
Users aren't off the hook either. The report recommends keeping devices in "secret places, personal safes, or maybe even tamper-evident bags." A bit of a hassle, no?
Another option? "Anti-exfiltration" signing protocols. These stop hardware wallets from cooking up their own nonces.
Bitcoin wallet flaws have caused big losses before. In August 2023, over $900,000 worth of Bitcoin vanished due to a Libbitcoin explorer library bug. In November, Unciphered warned that $2.1 billion in old wallets might be at risk from BitcoinJS wallet software issues.
The crypto world's got its work cut out. "Dark Skippy" is just the latest in a long line of security headaches. But for Bitcoin believers, it's all part of the game.