According to TechFlow, Cointelegraph reported on August 9 that security researchers have discovered an attack method called "Dark Skippy" that lets hackers extract private keys from Bitcoin hardware wallets using only two signed transactions. The vulnerability may affect all hardware wallet models, but only if the attacker tricks the victim into downloading malicious firmware.

The research report was published on August 5 by Lloyd Fournier and Nick Farrow, co-founders of Frostsnap, and Robin Linus, co-developer of the Bitcoin protocols ZeroSync and BitVM. The report states that hardware wallet firmware can be programmed to embed parts of the user's mnemonic phrase into the "low-entropy secret random numbers" (nonces) that are used to sign transactions. When a transaction is confirmed, the resulting signature is published to the blockchain, and attackers can scan the blockchain to find and record these signatures.

Bitcoin wallet vulnerabilities have already caused users significant losses. In August 2023, SlowMist reported that more than $900,000 worth of Bitcoin was stolen due to a vulnerability in the Libbitcoin explorer library. In November, Unciphered reported that a vulnerability in the BitcoinJS wallet software may have put $2.1 billion worth of Bitcoin at risk of being transferred by attackers.