Hackers have found a way to obtain the private key from any hardware wallet
Computer security experts have discovered a new way to steal private keys from hardware wallets, and the method works on any device, and only two signed transactions are needed to steal the key. The new method is called Dark Skippy. Any hardware wallets are at risk, but to do this, the user must download and install firmware with malicious code. Such code can be placed on unverified sites on the Internet. If you use firmware from the manufacturer, the wallet seed phrase should remain safe. Hackers have previously used a similar method, but the user had to sign dozens of transactions for the attackers to be able to decrypt the private key. But with the Dark Skippy method, hackers only need to obtain data from two transactions. At the same time, within the framework of the new method, the seed phrase can be obtained even if the victim uses a third-party, uncompromised device to generate the seed phrase. The Dark Skippy method was announced by the co-founders of hardware wallet company Frostsnap, Lloyd Fournier, Nick Farrow and Robin Linus.According to them, the malicious firmware embeds part of the seed phrase into “secret low-entropy fields” that are then used to sign transactions. Hackers can extract these signatures, decrypt them using the Pollard Kangaroo Algorithm (an algorithm for solving the discrete logarithm problem), and obtain parts of the seed phrase from them. Frunier, Farrow, and Linus advised hardware wallet manufacturers to take additional measures to protect devices from unauthorized firmware. It is possible to develop more reliable signature protocols that will eliminate the possibility of decryption. Wallet owners should also be careful. Late last year, hackers managed to hack the Ledger Connect Kit for Ledger hardware wallets. Some users lost funds, but the company promised to compensate for the loss.
#BNB #HackersAttack #Bitcoin #binance #Web3
