"Dark Skippy: Understanding the Ramifications"
Open-source hardware wallet with 7,500+ supported assets. Your keys never leave the device.
A signature-based exfiltration attack on hardware wallets called Dark Skippy was disclosed by Bitcoin researchers in 2024. It's the most efficient member of a class of attacks that has been known in the literature for years — covert channels through signatures — and it raises the stakes on a question every hardware-wallet owner should already have an answer to: do you actually trust the firmware running on your device?
This article explains the attack, its real threat model, who is and isn't affected, and the concrete steps you should take if your security plan was relying on "the device is sealed so I'm fine."
Every digital signature your hardware wallet produces uses a per-signature random value (called the "nonce" —
Dark Skippy exploits this. A maliciously firmwared signer doesn't pick its nonces randomly — it picks them so they secretly encode bits of the private key (or any other secret on the device) inside the public-by-design signature data. The signatures are perfectly valid Bitcoin signatures. Anyone watching the chain just sees normal transactions. But an attacker who knows what to look for can decode the leak from a small number of transactions and walk away with the wallet's full secret material.
The improvements Dark Skippy adds over older covert-channel attacks are:
Important: Dark Skippy requires a signer to already be running malicious firmware. It is not a remote attack on a device sitting in your drawer. As of disclosure, it has not been seen in the wild. The risk is structural, not active.
Three layers have to fail before Dark Skippy steals your funds:
Step 1 is the attack surface. Steps 2 and 3 follow automatically once step 1 is in place. So the entire defensive game is preventing or detecting malicious firmware.
Hardware wallet manufacturers fall into two categories on this question:
Devices where you, the user, can build the firmware from public source code and verify the binary on your device byte-for-byte:
These devices ship signed firmware that you can verify came from auditable source code. Dark Skippy could only land on one of these via a compromise of the build pipeline, the signing key, or a supply-chain interception of physical units — all of which are detectable in principle and auditable in practice.
Devices where you cannot verify the running firmware against public source:
If the firmware running on your device cannot be reproduced from public source, you are trusting the manufacturer not to ship a Dark-Skippy-capable build. That is exactly the trust assumption Dark Skippy is designed to exploit.
Reputable manufacturers layer multiple defenses against supply-chain attacks:
These defenses are good. They are not perfect. The history of "supply chain interception attacks against shipped hardware wallets that were caught after the fact" is long enough to establish the threat as real, even if uncommon.
These are layered. Pick the level that matches the value at risk.
If your hardware wallet supports it (KeepKey does), reproduce the firmware build from public source and confirm the binary on your device matches. This is the single highest-leverage thing you can do — it transforms "trust the company" into "trust the math."
For devices where you can't verify firmware, the supply chain is the trust anchor. Buy directly from the manufacturer's website, not from third-party marketplaces. A device that takes a detour through an unknown distributor is one that an attacker has had a window to modify.
This is the recommendation we keep coming back to, and Dark Skippy makes it more important, not less:
For long-term holdings, do not trust a single vendor. Use multi-vendor, multi-sig.
A 2-of-3 multisig with KeepKey + a second hardware vendor + a paper or steel cold backup means that even a successful Dark-Skippy-style compromise of any one vendor cannot move funds. The attacker has to compromise two independent vendors simultaneously — a substantially harder task. See Multi-Vendor Bitcoin Multisig for setup.
This is, somewhat unusually, advice from a hardware wallet manufacturer recommending you not put 100% of your holdings on our device. The math of multisig is the right answer regardless of who makes the hardware.
The instinct after reading about a hardware-wallet vulnerability is sometimes "I'll just use a software wallet." Don't. Software wallets are vulnerable to a much larger class of attacks — any malicious dependency in the software stack, any keylogger on the host, any compromised browser extension. A hardware wallet on its worst day is still vastly safer than a hot wallet on its best day.
Vulnerability disclosures are followed by mitigations. Keep your firmware current via Vault Desktop's update flow.
Dark Skippy didn't change the threat landscape so much as crystallize a point that's been latent in hardware-wallet security for a decade: closed-source firmware is a trust contract, not a security guarantee. As long as you cannot verify what's running on the device, the device is exactly as trustworthy as the company that built it. Dark Skippy makes the worst-case behavior of an untrustworthy company much more efficient — but the worst case was always there.
The solution isn't to abandon hardware wallets. It's to insist on the verifiable, open-source ones, and to layer multisig for value at risk that exceeds a single-vendor failure budget.
That's the recommendation regardless of who you buy from.