According to Odaily, a recent report reveals that security researchers have identified a new attack mechanism named 'Dark Skippy,' which allows hackers to extract private keys from Bitcoin hardware wallets that require only two signatures for transactions. This vulnerability could potentially affect all models of hardware wallets, but it only becomes effective if the victim is tricked into downloading malicious firmware.
The latest version of 'Dark Skippy' requires significantly fewer transactions to execute compared to its previous iterations, which needed dozens of transactions. Additionally, the attack can be carried out even if users rely on separate devices to generate mnemonic phrases. The disclosure report was published by Lloyd Fournier, Nick Farrow, and Robin Linus. Fournier and Farrow are co-founders of hardware wallet manufacturer Frostsnap, while Linus is a co-developer of the Bitcoin protocols ZeroSync and BitVM.