Security experts have identified a new and concerning flaw in Bitcoin hardware wallets, known as “Dark Skippy” that allows hackers to easily extract private keys from a wallet using only two signed transactions, countering the previous methods that required many more transactions.
The discovery was detailed in a report published on August 5 by Lloyd Fournier, Nick Farrow, and Robin Linus.
According to the report, the Dark Skippy attack works by tricking the victim into installing malicious firmware on their hardware wallet. This compromised firmware embeds parts of the user’s seed words into “low entropy secret nonces” used in transaction signatures.
When these signatures are recorded on the blockchain, attackers can analyze them to derive the original seed words using Pollard’s Kangaroo Algorithm, which allows the extraction of secret nonces from its public counterparts.
The vulnerability affects all hardware wallet models, but only if the hacker successfully gets the victim to install the fake firmware. Unlike earlier methods that required many transactions to be posted to the blockchain, Dark Skippy can be executed with just two transactions, even if the seed words are generated on a separate device.
To mitigate this risk, the researchers suggest that hardware wallet makers improve their security features, such as secure boot systems and firmware checks. They also recommend that users keep their devices safe, though some suggested methods might be difficult to follow.
Also Read: CFTC Awards $1M to Crypto Whistleblower
