With its help, an attacker can get the full seed phrase for a victim’s wallet from two of its blockchain transactions

Developers have revealed a new method for hacking hardware bitcoin wallets

09.08.2024 - 15:20


What’s new? Researchers have discovered a new method that hackers can use to extract secret keys from a hardware bitcoin wallet using just two signed transactions. The vulnerability, dubbed “Dark Skippy,” potentially affects all hardware wallet models, but it can only work if an attacker tricks a victim into downloading malware.

Researchers’ report

What else is known? The previous version of the method required the victim to send “dozens” of transactions, while the new version of “Dark Skippy” can be implemented even if the victim only sends a couple of transactions to the blockchain. In addition, the attack can be executed even if the user uses a separate device to generate seed phrases.

The report was published by Lloyd Fournier and Nick Farrow, co-founders of hardware wallet maker Frostsnap, as well as Robin Linus, the co-creator of bitcoin protocols ZeroSync and BitVM.

According to the report, hardware wallet firmware can be programmed to insert portions of a user's seed phrase into “low entropy secret nonces,” which are then used to sign transactions. The resulting signatures are published on the blockchain once the transactions are confirmed. An attacker can then scan the blockchain to find and record these signatures.

The final signatures contain only the public nonces, not the seed-phrase parts themselves. However, an attacker can input these public nonces into Pollard’s Kangaroo Algorithm to successfully compute secret nonces from their publicly available versions.

Pollard’s Kangaroo Algorithm by mathematician John Pollard is designed to solve the discrete logarithm problem.

In this way, it is possible to get a user's full seed phrase even if they created only two signatures from the compromised device and the seed phrase was generated on another device.
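Why a low-entropy nonce is the weak point, and why full-range nonces are not, shown as an added example that is not code from the report or from any wallet. It assumes a toy group (integers modulo the prime 2**31 - 1 with generator 7) instead of Bitcoin's curve, a constructed 20-bit value standing in for a seed-phrase slice, and baby-step giant-step as a deterministic stand-in for Pollard's Kangaroo, which has the same square-root cost.

```python
# Toy group for illustration only (assumption): integers modulo the prime
# 2**31 - 1, generated by the primitive root 7. Real wallets use secp256k1.
P = 2**31 - 1
G = 7

SEED_SLICE = 0xBEEF5        # constructed 20-bit stand-in for seed-phrase bits
FULL_NONCE = 0x5A5A5A5A     # constructed nonce drawn from the whole group


def public_nonce(k):
    """Public nonce R = G^k mod P, the part of a signature anyone can read."""
    return pow(G, k, P)


def recover_bounded_nonce(R, bits):
    """Return k in [0, 2**bits) with G^k == R, or None if there is none.

    Baby-step giant-step: roughly 2 * 2**(bits/2) group operations, a cost
    set by the width of the nonce interval, not by the size of the group.
    """
    m = 1 << ((bits + 1) // 2)              # m*m covers the whole interval
    baby = {}
    x = 1
    for j in range(m):                      # baby steps: G^j for j < m
        baby.setdefault(x, j)
        x = x * G % P
    step = pow(pow(G, m, P), P - 2, P)      # G^(-m) via Fermat inverse
    y = R % P
    for i in range(m):                      # giant steps: R * G^(-i*m)
        if y in baby:
            k = i * m + baby[y]
            return k if k < (1 << bits) else None
        y = y * step % P
    return None


if __name__ == "__main__":
    # Nonce confined to 20 bits: found after about 2 * 1024 operations.
    leaked = recover_bounded_nonce(public_nonce(SEED_SLICE), 20)
    print("low-entropy nonce recovered:", hex(leaked))
    # Nonce drawn from the full group: the same bounded search finds nothing.
    print("full-range nonce recovered:",
          recover_bounded_nonce(public_nonce(FULL_NONCE), 20))
```

On a 256-bit group the same square-root cost for a full-range nonce is about 2**128 operations, which is why the search only works when firmware shrinks the nonce interval.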

The authors suggest that wallet manufacturers should strengthen methods to protect devices from third-party software intrusion and limit the ability of devices to generate nonces, and users should store devices more securely, for example, in safes or tamper-proof bags.


In August 2023, information security company SlowMist reported that more than $900,000 worth of bitcoins were stolen due to a vulnerability in the Libbitcoin explorer library. In November, Unciphered reported that $2.1 billion worth of BTC stored in legacy wallets could be withdrawn by attackers due to a bug in the BitcoinJS wallet software.
