 🚨 DARK SKIPPY SECURITY UPDATE 🚨

There's been some buzz about Dark Skippy, a new attack where a hardware wallet's seed phrase can be exposed over the mempool due to malicious firmware. While technically possible, this attack requires either physical access to your cold wallet or sophisticated social engineering to trick you into installing the malicious firmware. In other words, it's not easy to implement.

To protect yourself:

- Always download firmware directly from the developer's website and verify it before installing.

Additional protections include:

- Building the firmware yourself from source code to avoid the risk of manufacturers signing malicious firmware, though this can be tedious and challenging for some.
- Purchasing hardware directly from a reputable vendor, never from third parties.
- Using a hardware wallet with "anti-exfil" or "anti-klepto" signing protocols. This is not mandatory, and not all wallets have full implementations, but I imagine this could become more common in the future.

Understanding proper security protocols in general is important. That's why we spend considerable time consulting with our clients on this at @thebitcoinway

If you have any questions or concerns, feel free to reach out anytime.
https://m.primal.net/Jpdv.jpg 
 Also verify firmware on bitcoinbinary.org and walletscrutiny.com 
 Another option is to NOT use a hardware wallet. Buy an old laptop and use that as a signing device.