Bitcoin (BTC) and crypto users have been warned about two new threats that could compromise their funds.
Security experts have identified a new method called "Dark Skippy," which can be used to steal private BTC keys, even from hardware wallets. Additionally, scammers have started using fake QR codes to target victims.
In the Dark Skippy disclosure report, Lloyd Fournier and Nick Farrow, co-founders of the upcoming hardware wallet Frostsnap, along with Robin Linus, a developer of bitcoin protocols ZeroSync and BitVM, stressed that the method requires a signer to be compromised via malicious firmware. According to the authors, Dark Skippy has not yet been observed in the wild.
Contrary to the popular belief that a malicious signing device takes dozens of signatures or transactions to leak a secret seed to an attacker by covertly embedding it inside transaction signatures, just two signatures are enough, they explained.
In addition to preventing malevolent firmware from being loaded, the report's authors have proposed several protocol-level techniques and introduced new approaches, such as mandatory adaptor signatures.
Meanwhile, the blockchain data analysis company Bitrace has warned that scammers are now using malicious QR codes to steal crypto assets.
The "QR code transfer test" scam tricks users into authorizing access to their wallets. After befriending a victim and building trust on social media, scammers offer a transaction at better rates than those in the market and ask for a test payment. They present a QR code that directs the victim to a malicious website, where the unsuspecting user inadvertently gives access to their wallet.
"For OTC [over-the-counter] transactions outside platforms, users must carefully verify the other party’s identity and avoid trusting unknown QR codes or links. Additionally, performing a risk check on the counterparty’s address before the transaction is crucial," Bitrace warned.
Your email address will not be published. Required fields are markedmarked