Stop blindly trusting hardware wallets
I've written a lot about this topic. I've done my research and I know what I'm talking about. We tend to blindly trust hardware wallets and "cold storage" even though at the end of the day they're grounded on a foundation of trusting a centralized agent. It's a topic I've been discussing as far back as 2020, and this latest Dark Skippy vulnerability reconfirms everything I've said and then some.
What is Dark Skippy?
It's a tainted firmware update that can steal your keys by encoding them publicly on the blockchain. The software creates weak signatures on purpose to hide the data inside of legitimate transactions. When enough of these weak signatures are combined together they reveal the master seed that secures all the crypto on that wallet.
When this vulnerability first made the rounds it required dozens of transactions and weak signatures to be posted to the blockchain. Now it only requires two or three. Two transfers out of wallet and the seed for all the crypto on that device will be exposed to the attacker. Not great.
Every time I get a notification saying I need to update my firmware I cringe. Trezor does this ALL THE TIME. It's so bad. What is the point of a hardware wallet if code from outside the device is constantly being injected into it? It's crazy to think that a protocol like Dark Skippy would completely circumvent even the security of an air-gapped hardware wallet because the data is pulled directly from the public blockchain rather than extracted from the device.
Dark Skippy" Vulnerability
How do I protect myself from this type of attack?
1. Order hardware signing devices straight from the vendors, if possible. The more direct, the lower the likelihood of tampering.
2. Use hardware vendors that have tamper-resistant mechanisms in place, such as tamper-evident sealed bags, firmware attestation, etc.
3. Use hardware that employs a secure bootloader and enables you to easily verify the integrity of the source firmware and its updates.
4. Use hardware that follows security standards in generating nonces. One such standard is RFC6979 (deterministic nonces).
5. Verify the authenticity of the firmware every time you upgrade. (Tip: bookmark the vendor website to avoid phishing).
6. Avoid upgrading firmware unless you absolutely have to. Use another device if you want to experiment with firmware features that you don’t actually need for your main wallet.
7. Use multisig, preferably multi-vendor multisig. This alone significantly increases the difficulty of executing the attack.
lol... notice anything?
In pretty much ALL CASES it is blatantly implied that we have to trust the firmware that we download from "official" sources. This is the problem that I bring up time and time again. How much longer until governments around the world demand (behind closed doors of course) that companies like Trezor and Ledger embed these kinds of backdoors into the firmware on purpose so they can "fight terrorism" or whatever other flavor of excuse they decide to use? In fact it would honestly be foolish to think that this type of thing isn't already going on. Does the NSA already know your seed phrase? It's very possible, and you'd never know it.
‘Dark Skippy’ method can steal Bitcoin hardware wallet keys
According to the report, a hardware wallet’s firmware can be programmed to embed portions of the user’s seed words into “low entropy secret nonces,” which are then used to sign transactions. The resulting signatures get posted to the blockchain when transactions are confirmed. The attacker can then scan the blockchain to find and record these signatures.
So once this has happened there's basically no way to check if the signatures being created are tainted or not. Maybe one day there will be a way to check but how many users are actually going to do that? What's the real solution here?
Hm well yet again Hive has already solved this problem.
How many times have you updated your Hive firmware over the last few years? The answer is zero because we don't have firmware or hardware wallets, and we don't need them either. The seemingly unique ability to have multiple layers of security (owner/active/posting/memo) once again proves itself to be the superior solution.
Even active keys that find their way onto a hardware wallet (like Ledger) can't be reverse-engineered in order to find the master key. Hive master-keys exist as an offline tool and aren't even a requirement for creating keys or using the network. And even if it was possible to somehow extract an owner key (which it's not because it doesn't exist on these devices) we have another failsafe behind it with account recovery. That's multiple layers of better security than a hardware wallet, all made possible with timelocks and yield/staking/governance incentives to insure that a majority of users actually partake in the solution.
It's actually somewhat embarrassing at this point that top tier assets like Bitcoin and Ethereum don't have timelocked wallet recovery using their extensive multisig operations. What is the excuse at this point? I guess it's just anther signal that we are very far away from mainstream adoption. It's simply not a priority, until it is. Make no mistake that once people start dying (hopefully from old age) and we require better transitions for succession: this type of technology will become an absolute requirement of any network.
Conclusion
Are you scared anon? Maybe you should be depending on how your crypto is secured and how you're getting those firmware updates. It's exploits like these that prove that putting all the eggs in one basket is never the answer despite how good the security of that basket may seem. I would sooner store my crypto across ten centralized exchanges than put it all on a single hardware wallet.
When the overwhelming consensus to a firmware attack is "make sure you get the official software" we have a huge problem and conflict of ideals. The cognitive dissonance is strong. We arrived here in the first place because we didn't trust authority. Now we're being told to trust authority all over again. It will not end well.
The production of hardware wallets themselves has to be decentralized, airgapped, and verifiable by the user. It is not acceptable for centralized "trustworthy" companies to be making these devices and acting as though the government can't force them to inject backdoors into the firmware. Now that we see just how powerful those backdoors can be (public and also undetectable) this is a topic worth taking much more seriously.