"Dark Skippy" mechanism can steal the private keys of Bitcoin hardware wallets
Security researchers have discovered a new attack mechanism called "Dark Skippy", which hackers can use to extract private keys from bitcoin hardware wallets with only two signed transactions, according to a new report. The flaw could affect all hardware wallet models, but would only work if victims were tricked into downloading malicious firmware.
Whereas the previous version of "Dark Skippy" required dozens of transactions to function, the new version of "Dark Skippy" can execute only a few transactions. In addition, the attack can be performed even if the user relies on a separate device to generate mnemonic words.
The disclosure was published by Lloyd Fournier, co-creator of hardware wallet maker Frostsnap, and Nick Farrow and Robin Linus, co-developer of the bitcoin protocol ZeroSync and BitVM.