Hackers have found a way to hack any hardware cryptocurrency wallet

Computer security experts have discovered a new way to steal private keys from hardware crypto wallets that works on any device. The malicious method is called Dark Skippy and requires only two signed transactions from the user to obtain the key. The main danger is that this requires the user to install firmware with malicious code, which can be posted on dubious resources on the Internet.

The Dark Skippy method allows attackers to obtain parts of the passphrase even if the victim uses unmodified third-party equipment to generate it. This is achieved by embedding parts of the passphrase in special low-entropy fields used to sign transactions. The resulting signatures can be decrypted using the Pollard kangaroo algorithm, which allows recovering parts of the passphrase.

The kangaroo algorithm is a special method used to solve some complex mathematical problems, such as the discrete logarithm problem. This method is especially useful in cryptography, where it is used to crack cryptographic systems (ed.).

The founders of Frostsnap, a hardware wallet company, advise users to avoid installing unverified firmware and follow the manufacturers' security recommendations. They also recommend that hardware wallet manufacturers improve signature protocols to make it impossible to decrypt signatures.

Previously, similar attacks Ledger-mogly-staty-zhertvamy-kibershpygunstva/«>have already been carried out on hardware wallets, including the Ledger Connect Kit, which led to the loss of funds by users. Ledger promised to compensate the victims.