What is the ‘Dark Skippy’ method? New Threat to Bitcoin Hardware Wallet Keys

How the Dark Skippy Method Works 

The attack relies on tricking the victim into downloading malicious firmware onto their hardware wallet. Once the malicious software is installed, it can embed hidden data into a public Bitcoin transaction. This hidden data contains parts of the user’s seed words, which are crucial for accessing their Bitcoin. 

The malicious firmware creates “low entropy secret nonces” using the seed words. It then signs Bitcoin transactions with these nonces and posts the signatures to the blockchain. Once on the blockchain, the attacker can scan for these signatures. 

Even though the signatures only contain public nonces (not the actual seed words), the attacker can use a mathematical method called Pollard's kangaroo algorithm to reconstruct the low-entropy secret nonces from them. With just two signed transactions, they can potentially recover the user's full set of seed words, giving them full access to the victim's Bitcoin.

Comparison to Previous Methods 

Previous versions of this attack required the victim to post many more transactions to the blockchain, making the process less efficient and more noticeable. The older methods involved a process called “nonce grinding,” which slowed down the attack and needed dozens of transactions. However, the Dark Skippy method works much faster and requires just two transactions, even if the seed words were generated on a different device. 

Who Discovered It? 

Security researchers Lloyd Fournier, Nick Farrow, and Robin Linus reported the vulnerability on August 5th. Fournier and Farrow are co-founders of the hardware wallet manufacturer Frostsnap, and Linus is a co-developer of Bitcoin protocols ZeroSync and BitVM. 

Mitigation Strategies 

To protect against this threat, the researchers recommend several measures: 

For Hardware Wallet Manufacturers: 

  • Secure Boot: Ensure that only trusted firmware can run on the device. 
  • Locked JTAG/SWD Interfaces: Prevent unauthorized access to the device’s debug interfaces. 
  • Reproducible Firmware Builds: Verify that the firmware matches the vendor’s official version. 
  • Vendor-Signed Firmware: Use digital signatures to ensure that the firmware hasn’t been tampered with. 

For Users: 

  • Use Anti-Exfiltration Protocols: Wallet software should use signing protocols that prevent the hardware wallet from producing nonces on its own. 
  • Avoid Untrusted Firmware: Be cautious about downloading firmware from unknown or untrusted sources. 
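The anti-exfiltration idea behind the first user recommendation, as an added illustration that is not code from the page, the researchers or any wallet vendor: the host commits to some randomness, the signing device commits to its nonce point before it learns that randomness, and the final nonce mixes both, so the host can check that the device could not have chosen the nonce on its own. It assumes simplified affine secp256k1 arithmetic and a toy Schnorr-style signature (not BIP340), written here in Python for clarity only.

```python
# Added example (not the researchers' or Frostsnap's code): simplified commit/reveal
# "anti-exfil" signing over secp256k1 with a toy Schnorr-style signature, not BIP340.
import hashlib, secrets
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine secp256k1 point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:      lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = add(r, pt)
        pt, k = add(pt, pt), k >> 1
    return r

def H(*parts):  # hash the concatenated parts to a scalar mod N
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N
def enc(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def device_sign(d, msg, t_commit, reveal_t):
    """Signing device: must commit to R0 = k*G before it learns the host's t."""
    k = secrets.randbelow(N - 1) + 1           # device's own nonce
    R0 = mul(k, G)
    t = reveal_t(R0)                           # host reveals t only after seeing R0
    if hashlib.sha256(t).digest() != t_commit:
        raise ValueError("host randomness does not match its commitment")
    k2 = (k + H(enc(R0), t)) % N               # final nonce mixes in the host's t
    R = mul(k2, G)
    e = H(enc(R), enc(mul(d, G)), msg)
    return R0, (R, (k2 + e * d) % N)

def host_sign(d, msg):
    """Host: commit to t, drive the device, then check the nonce really used t.
    d is passed only because both parties are simulated here; it stays on the device."""
    t = secrets.token_bytes(32)
    R0, (R, s) = device_sign(d, msg, hashlib.sha256(t).digest(), lambda _: t)
    nonce_ok = R == add(R0, mul(H(enc(R0), t), G))  # device could not pick R alone
    return (R, s), nonce_ok

def verify(sig, Pk, msg):
    R, s = sig
    return mul(s, G) == add(R, mul(H(enc(R), enc(Pk), msg), Pk))
```

If the device skipped the mixing step and signed with its own k, the host's nonce check fails even though the signature itself would still verify, which is exactly the covert channel the check closes.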

Recent Bitcoin Wallet Vulnerabilities 

The Dark Skippy method is just one of several recent threats to Bitcoin wallets. In August 2023, cybersecurity firm SlowMist reported that hackers had stolen over $900,000 worth of Bitcoin due to a flaw in the Libbitcoin explorer library. In November, Unciphered revealed that $2.1 billion worth of Bitcoin held in old wallets might be at risk due to a flaw in BitcoinJS wallet software. 

The Dark Skippy method is a concerning development in the ongoing battle to secure Bitcoin hardware wallets. By understanding how this attack works and taking steps to protect their devices, users can reduce the risk of their Bitcoin being stolen. Both manufacturers and users must remain vigilant and implement the recommended security measures to safeguard their assets. 

Remember, investing in cryptocurrencies involves risks, and it’s important to conduct thorough research and seek professional advice before making any financial decisions. (Please keep in mind that this post is solely for informative purposes and should not be construed as financial or investment advice.)
