Meme coins

Bitcoin Dark Skippy Attack


Get the paid course here:
https://www.bitcoinuniversity.com/join

In this video, I discuss the Dark Skippy attack that uses malicious firmware to extract your seed from your hardware wallet and broadcast it to the Bitcoin network, where it can be used by an attacker to steal your Bitcoin.

The best ways to protect against Dark Skippy include:

1) Use widely vetted hardware wallets like the Coldcard or Blockstream Jade
2) Make sure they have not been tampered with en route
3) Verify all firmware before installing
4) Consider using multi-vendor multisig

Not investment advice! Consult a financial advisor.

Coldcard tamper-evident bag and features:
https://coldcard.com/docs/quick/

Coldcard verifies the firmware whenever it boots up:
https://coldcard.com/docs/physical-notes/

How to verify Coldcard firmware:
https://coldcard.com/docs/paranoid/
https://coldcard.com/docs/upgrade/#dont-trust-verify-the-firmware

Collaborative custody multisig with Unchained:
https://unchained.com/vaults

I am not being paid or otherwise compensated by any company or cryptocurrency project that I mention in my videos. My opinion is not for sale. Please do not contact me with any affiliate or advertising deals.

#Bitcoin
#DarkSkippy
#Coldcard

Disclaimer
Neither Matthew Kratter’s Bitcoin University, nor any of its directors, officers, shareholders, personnel, representatives, agents, or independent contractors (collectively, the “Operator Parties”) are licensed financial advisors, registered investment advisors, or registered broker-dealers. None of the Operator Parties are providing investment, financial, legal, or tax advice, and nothing in this video, on this YouTube channel, or at www.Trader.University or www.BitcoinUniversity.com (henceforth, “the Sites”) should be construed as such by you. This video, channel, and the Sites should be used as educational tools only and are not replacements for professional investment advice. Trading or investing in new and volatile assets like Bitcoin can be risky.

source

22 Comments

  1. You should do a video on PSBT and how to use it with multisig. There is a lot of differences between how easy this is to use.

  2. Just be because Ledger supports more alt coins does not effect my decision to use ledger. I don’t need to use crazy alt coin apps on my ledger.

  3. good info. the only reaosn i gor jade was you. i feel better now. i just have a question. i use singlesig. but is this normal that i still got couple jades? i thought not to put all my eggs in one jade, so i got 3. does this really help? ive never seen anyone talk about using multi hardware wallets. they all say get a hardware wallet and done. id appreciate your response. thanks

  4. I am NOT a “techie”, but like to keep an open mind to learning new things. This type of technical explanation (while it seems very useful) is VERY intimidating and will inevitably (and unfortunately) keep the masses from ever wanting to use bitcoin. Perhaps, like the internet of 1995, the nuts and bolts of using bitcoin will eventually become easy to use and store.

  5. You never explained how it "steals your seeds from deep inside your hardware wallet". If it's via a compromised firmware or hacked laptop it's obvious and nothing new.

  6. Yeah, I bet you BTC is going to gain so much network adoption so fast..people are going to be using it as the new money in no time when all you have to do is understand two semesters worth of computer science to safely self-custody with 100% certainty. It’ll be a really big hit with the older generations who we all know are super zealous to adopt new technology

  7. Before y'all start panicking, this is a potentially malicious event. All mainstream cold wallets check for malicious firmware. This is an essential aspect of their security model, as the integrity of the firmware is crucial for protecting the private keys stored on the device.
    Hardware wallets have a secure element, which is a specialized chip designed to resist tampering and unauthorized access. The secure element ensures that only authenticated and non-malicious firmware can be installed on the device.
    Firmware is cryptographically signed by wallet's developers. Before the firmware is installed or updated on the device, the secure element verifies the cryptographic signature to ensure that it comes from a trusted source. If the signature is invalid or the firmware has been tampered with, the installation is aborted.
    Devices also use a secure bootloader that only allows the execution of firmware that has been verified. This prevents unauthorized or malicious firmware from running on the device.
    If Ledger would want to hurt its customers there are simpler ways to do it than to use a skippy.

  8. Sounds like the safest way is to not buy Bitcoin. Bitcoin is not safe to have even on a hardware wallet. Only computer programmers know how to operate these stupid things without it being hacked so this is a case for Bitcoin going down.

    The ETF is a better option

Back to top button