Developers have revealed a new method for hacking hardware bitcoin wallets
With its help, an attacker can get the full seed phrase for a victim’s wallet from two of its blockchain transactions
09.08.2024 - 15:20
164
3 min
0
What’s new? Researchers have discovered a new method that hackers can use to extract secret keys from a hardware bitcoin wallet using just two signed transactions. The vulnerability, dubbed “Dark Skippy,” potentially affects all hardware wallet models, but it can only work if an attacker tricks a victim into downloading malware.
What else is known? The previous version of the method required the victim to send “dozens” of transactions, while the new version of “Dark Skippy” can be implemented even if the victim only sends a couple of transactions to the blockchain. In addition, the attack can be executed even if the user uses a separate device to generate seed phrases.
The report was published by Lloyd Fournier and Nick Farrow, co-founders of hardware wallet maker Frostsnap, as well as Robin Linus, the co-creator of bitcoin protocols ZeroSync and BitVM.
According to the report, hardware wallet firmware can be programmed to insert portions of a user's seed phrases into “low entropy secret nonces,” which are then used to sign transactions. The resulting signatures are sent to the blockchain after transactions are confirmed. An attacker can then scan the blockchain to find and record these signatures.
The final signatures contain only the public nonces, not the seed-phrase parts themselves. However, an attacker can input these public nonces into Pollard’s Kangaroo Algorithm to successfully compute secret nonces from their publicly available versions.
Pollard’s Kangaroo Algorithm by mathematician John Pollard is designed to solve the discrete logarithm problem.
In this way, it is possible to get the full seed phrase of a user, even if he created only two signatures from his compromised device, and the seed phrase was generated on another device.
The authors suggest that wallet manufacturers should strengthen methods to protect devices from third-party software intrusion and limit the ability of devices to generate nonces, and users should store devices more securely, for example, in safes or tamper-proof bags.
Vulnerability with a risk of private key leakage has been discovered in Apple’s macOS chips
It stems from the microarchitecture of the chips and cannot be eliminated
In August 2023, IS company SlowMist reported that more than $900 000 worth of bitcoins were stolen due to a vulnerability in the Libbitcoin explorer library. In November, Unciphered reported that $2,1 billion worth of BTC stored in legacy wallets could be withdrawn by attackers due to a bug in the BitcoinJS wallet software.
Useful material?
Market
According to the founder of TRON, the leading US crypto exchange asked for several hundred million dollars for the listing of TRX
Nov 4, 2024
Incidents
The company conducted fictitious trading for six years to inflate the trading volume of tokens of several companies, receiving payment for these services
Nov 1, 2024
Market
1,5 million addresses have already left applications
Oct 31, 2024
Business
The company began investing in bitcoin in 2020, and since then, the value of its securities has risen by 1700%
Oct 30, 2024
Mining
The Deputy Energy Minister explained that in deficit regions, it is impossible to allocate large capacities for industry enterprises until 2030
Oct 30, 2024
Market
Customers will also be able to withdraw funds to bank accounts using cards
Oct 30, 2024