Developers have revealed a new method for hacking hardware bitcoin wallets
With its help, an attacker can get the full seed phrase for a victim’s wallet from two of its blockchain transactions
09.08.2024 - 15:20
188
3 min
0
What’s new? Researchers have discovered a new method that hackers can use to extract secret keys from a hardware bitcoin wallet using just two signed transactions. The vulnerability, dubbed “Dark Skippy,” potentially affects all hardware wallet models, but it can only work if an attacker tricks a victim into downloading malware.
What else is known? The previous version of the method required the victim to send “dozens” of transactions, while the new version of “Dark Skippy” can be implemented even if the victim only sends a couple of transactions to the blockchain. In addition, the attack can be executed even if the user uses a separate device to generate seed phrases.
The report was published by Lloyd Fournier and Nick Farrow, co-founders of hardware wallet maker Frostsnap, as well as Robin Linus, the co-creator of bitcoin protocols ZeroSync and BitVM.
According to the report, hardware wallet firmware can be programmed to insert portions of a user's seed phrases into “low entropy secret nonces,” which are then used to sign transactions. The resulting signatures are sent to the blockchain after transactions are confirmed. An attacker can then scan the blockchain to find and record these signatures.
The final signatures contain only the public nonces, not the seed-phrase parts themselves. However, an attacker can input these public nonces into Pollard’s Kangaroo Algorithm to successfully compute secret nonces from their publicly available versions.
Pollard’s Kangaroo Algorithm by mathematician John Pollard is designed to solve the discrete logarithm problem.
In this way, it is possible to get the full seed phrase of a user, even if he created only two signatures from his compromised device, and the seed phrase was generated on another device.
The authors suggest that wallet manufacturers should strengthen methods to protect devices from third-party software intrusion and limit the ability of devices to generate nonces, and users should store devices more securely, for example, in safes or tamper-proof bags.
Vulnerability with a risk of private key leakage has been discovered in Apple’s macOS chips
It stems from the microarchitecture of the chips and cannot be eliminated
In August 2023, IS company SlowMist reported that more than $900 000 worth of bitcoins were stolen due to a vulnerability in the Libbitcoin explorer library. In November, Unciphered reported that $2,1 billion worth of BTC stored in legacy wallets could be withdrawn by attackers due to a bug in the BitcoinJS wallet software.
Useful material?
Market
The company’s unrealized profits from investing in its first cryptocurrency approached $14 billion
Nov 19, 2024
Incidents
The search, the reason for which was not announced, took place a week after the election, the results of which Polymarket users predicted quite accurately
Nov 14, 2024
Market
Analysts point to the growing popularity of the first cryptocurrency as a safe haven asset
Nov 13, 2024
Market
The product will begin trading on the Swiss Exchange on November 19
Nov 12, 2024
Market
The company’s unrealized profits from investing in the first cryptocurrency approached $13 billion
Nov 12, 2024
Market
The company predicts that the rate of the first cryptocurrency will grow to $200 000 by the end of next year
Nov 11, 2024