How malicious hardware wallet firmware can leak your Bitcoin seed phrase

  cryptoslate.com 34 m

Dark Skippy, a recently discovered attack vector, poses a significant threat to the security of Bitcoin hardware wallets. The method allows a compromised signer to exfiltrate its master seed phrase by embedding portions into transaction signatures, requiring only two transactions to complete. Unlike previous assumptions that multiple transactions were necessary, this streamlined approach means that a single use of a compromised device can lead to a complete security breach.

The attack hinges on using malicious firmware that alters the standard signing process. Typically, signing operations use a randomly generated nonce as part of the Schnorr signature process. However, in a device compromised by Dark Skippy, the firmware instead uses deterministic, low-entropy nonces derived from the master seed. Specifically, the first half of the seed is used for one transaction and the second half for another, allowing an attacker to piece together the entire seed if they can observe both transactions.

This attack requires that the signing device be corrupted, which can occur through various means: malicious firmware could be installed by an attacker or inadvertently by a user; alternatively, attackers might distribute pre-compromised devices through supply chains. Once in place, the compromised firmware embeds secret data within public transaction signatures, effectively using the blockchain as a covert channel to leak sensitive information.

The attacker monitors the blockchain for transactions with a specific watermark that reveals the presence of the embedded data. Utilizing algorithms such as Pollard’s Kangaroo, the attacker can retrieve the low-entropy nonces from the public signature data, subsequently reconstructing the seed and gaining control over the victim’s wallet.

Although this attack vector does not represent a new fundamental vulnerability—nonce covert channels have been known and mitigated to some extent—Dark Skippy refines and exploits these vulnerabilities more efficiently than previous methods. The subtlety and efficiency of this technique make it particularly dangerous, as it can be executed without the user’s knowledge and is challenging to detect after the fact.

Robin Linus is credited with Discovering the attack and bringing attention to its potential during a Twitter discussion last year. Further investigation during a security workshop confirmed the feasibility of extracting an entire 12-word seed using minimal computational resources, demonstrating the attack’s effectiveness and the ease with which it could be executed using even a modestly equipped system.

Mitigations for such attacks include implementing ‘anti-exfil’ protocols in signing devices, which can help prevent the unauthorized leaking of secret data. However, these defenses require rigorous implementation and continuous development to stay ahead of evolving threats.

The cryptographic community and device manufacturers are urged to address these vulnerabilities promptly to safeguard users against potential exploits facilitated by Dark Skippy and similar methods. Users should remain vigilant, ensuring their devices run genuine firmware and are sourced from reputable vendors to minimize the risk of compromise. Further, multi-sig setups can create additional defenses against the attack vector.

Source