Author: OneKey Chinese Source: X, @OneKeyCN
Recently, the overseas crypto security community has been buzzing: another improved method of cracking hardware wallets has been disclosed, and it is faster and more efficient than before. Are hackers and white hats holding their own "Olympics"?
In this article, OneKey explains all of this in the simplest language possible. Let's dive into the topic together.
1. How do hackers crack hardware wallets?
Flash malicious firmware: The attacker flashes malicious firmware onto your hardware wallet.
Send a transaction: The hacker uses this hardware wallet with the malicious firmware to send a Bitcoin transaction. The malicious firmware "embeds" your mnemonic into the transaction through a low-randomness signature, and the transaction is stored publicly on the blockchain.
Extract the mnemonic: The attacker finds your transaction on the blockchain and runs a special algorithm to extract your Bitcoin mnemonic from it.
Steal the Bitcoin: With the mnemonic in hand, the attacker can access and steal your Bitcoin.
2. What is the principle of this attack algorithm?
To understand this algorithm, you need some understanding of how BTC transfers work. If you are not the kind of curious person who likes to get to the bottom of things, you can jump straight to the next section to learn how to avoid being attacked.
Before transferring Bitcoin, you need to prepare the transaction data, including the inputs (the source of the Bitcoin you want to spend) and the outputs (where you want to send the Bitcoin). A hash algorithm then computes the message hash, which is the data digest that needs to be signed; you can think of it as "condensed transaction data".
Key step: Signature
Next comes the key part: you need to sign this transaction data. Taking the Elliptic Curve Digital Signature Algorithm (ECDSA) as an example, an internal random number k is combined into the computation to generate the signature.
The random number k is introduced to ensure that each signature is unique and secure. If you use the same k every time, then even if the messages (transactions) you sign are different, the generated signatures show a pattern that lets an attacker recover your private key through mathematical analysis.
Therefore, using an unpredictable k each time ensures that every signature generated is unique: even if the same message is signed multiple times, the results will differ.
Finally, miners verify and package the transaction, and it is broadcast to the blockchain.
How do hackers use weak random number attacks?
Although the private key cannot be read directly from the secure chip, if the hacker can modify the random number generation in your firmware so that k is no longer random, then after several signatures your private key can be deduced from the information broadcast on the chain.
In Dark Skippy, the hacker needs only 2 signatures (for a 12-word mnemonic) or 4 signatures (for a 24-word mnemonic) to crack the private key. This is more efficient than previous methods.
3. How to avoid being attacked?
The key to this type of attack succeeding is that the hacker gets hold of the user's hardware wallet and implants malicious firmware.
Therefore, we recommend the following protective measures:
1. Ensure the security of the hardware wallet
Prevent supply chain attacks: Make sure the hardware wallet has not been touched by a third party at any point from the factory, through transportation, to your hands. Many hardware wallet brands, including OneKey, now have multi-layer anti-tampering designs so that any sign of tampering can be discovered immediately.
Record the unboxing: We recommend recording the unboxing process from the moment you receive the goods, as evidence for after-sales service.
Keep your wallet secure: Once you start using it, make sure your hardware wallet is not accessible to others, to prevent malicious modification.
2. Ensure the security of the firmware code
Download updates from official channels: Make sure you only download firmware updates from official channels.
Verify the firmware: Different manufacturers have different measures. Taking OneKey as an example, our software and hardware code is open source and has passed audits by well-known security organizations. OneKey's latest hardware uses multiple military-grade EAL 6+ secure chips. The device and the App automatically verify the firmware: unofficial firmware is detected by its signature, and the mnemonic data is hard-erased.
4. Conclusion
In any case, if a hardware wallet is lost or falls into the hands of hackers, we recommend immediately using the backup mnemonic and transferring your assets as soon as possible, to make sure nothing goes wrong. Compared with storing mnemonics online or falling for phishing attacks, this risk is still relatively small.