Key Insights
- Researchers discover “Dark Skippy,” a new hacking method that can extract private keys from Bitcoin hardware wallets using only two signed transactions
- The vulnerability affects all hardware wallet models but requires users to download malicious firmware
- Experts recommend enhanced security measures for manufacturers and users, including secure boot processes and anti-exfiltration signing protocols
NEW YORK (MarketsXplora) – Cybersecurity experts have unveiled a new hacking technique dubbed “Dark Skippy” that could potentially compromise Bitcoin hardware wallets, raising alarms in the cryptocurrency community.
The vulnerability, discovered by researchers Lloyd Fournier, Nick Farrow, and Robin Linus, allows hackers to extract private keys from hardware wallets using only two signed transactions. This method, detailed in a report published on August 5, represents a significant evolution from previous attacks that required dozens of transactions.
“Dark Skippy exploits an existing vulnerability in a novel way,” explained Fournier, co-founder of hardware wallet manufacturer Frostsnap. “It’s particularly concerning because it can work even if seed words are generated on a separate device.”
The attack hinges on malicious firmware that embeds portions of users’ seed words into “low entropy secret nonces” used for transaction signing. When these transactions are confirmed on the blockchain, attackers can scan for and record the resulting signatures.
While these signatures contain only “public nonces,” hackers can employ Pollard’s Kangaroo Algorithm – a computational algebra method developed by mathematician John Pollard – to derive the secret nonces and, ultimately, the user’s full set of seed words.
“This technique is far more efficient than previous ‘nonce grinding’ methods,” Linus, a co-developer of Bitcoin protocols ZeroSync and BitVM, told MarketsXplora. “It’s a wake-up call for the entire hardware wallet industry.”
The researchers emphasize that while the vulnerability potentially affects all hardware wallet models, it requires users to unknowingly download compromised firmware. To mitigate this risk, they recommend manufacturers implement stringent security measures such as secure boot processes, locked JTAG/SWD interfaces, and reproducible, vendor-signed firmware builds.
For users, the report suggests additional precautions like storing devices in secure locations or using tamper-evident bags, though acknowledging these methods may be cumbersome. Another proposed solution involves implementing “anti-exfiltration” signing protocols to prevent hardware wallets from independently producing nonces.
This revelation comes amid growing concerns over Bitcoin wallet security. In August 2023, cybersecurity firm SlowMist reported over $900,000 worth of Bitcoin stolen due to a flaw in the Libbitcoin explorer library. More alarmingly, Unciphered disclosed in November that $2.1 billion in Bitcoin held in older wallets could be at risk due to a vulnerability in BitcoinJS wallet software.
“The race between wallet security and hacking techniques is never-ending,” Farrow noted. “Our goal in publicizing this vulnerability is to push the industry towards more robust security paradigms.”
The researchers have not disclosed whether any actual attacks using this method have been detected in the wild, emphasizing that their work aims to preemptively address potential threats to the cryptocurrency ecosystem.