Sources
Loading...
Additional media
Loading...
DeepNewz, mobile.
People-sourced. AI-powered. Unbiased News.
Always ensure you're using genuine firmware for hardware wallets. Potential attack vectors are hw wallet websites attempting to replace firmware with malicious versions. Credit to @utxoclub for diving deep into this exploit. https://t.co/VtBX43TgEb
How malicious hardware wallet firmware can leak your Bitcoin seed phrase via @akibablade https://t.co/XX5Yi6QO1N
Great research and security disclosure by @utxoclub @LLFOURN @robin_linus. Here's what you need to know about the 'Dark Skippy' vulnerability: 1. Hardware signing devices insert random values called 'nonces' every time they sign Bitcoin transactions. 2. Weak nonces (values that… https://t.co/oWI2Vyw4Kt
A new security vulnerability called 'Dark Skippy' has been disclosed, highlighting a method by which a malicious signing device can leak secret keys. The exploit involves modifying the signing function of hardware wallets to embed a master secret seed within transaction signatures. This attack can expose the seed phrase of an airgapped hardware wallet over the mempool due to malicious firmware. Researchers emphasize the importance of using genuine firmware to prevent such attacks, as hardware wallet websites may attempt to replace firmware with malicious versions. The disclosure credits @utxoclub, @LLFOURN, and @robin_linus for their research. Hardware signing devices insert random values called 'nonces' every time they sign Bitcoin transactions.