Bitcoin Dark Skippy Attack
Get the paid course here:
https://www.bitcoinuniversity.com/join
In this video, I discuss the Dark Skippy attack that uses malicious firmware to extract your seed from your hardware wallet and broadcast it to the Bitcoin network, where it can be used by an attacker to steal your Bitcoin.
The best ways to protect against Dark Skippy include:
1) Use widely vetted hardware wallets like the Coldcard or Blockstream Jade
2) Make sure they have not been tampered with en route
3) Verify all firmware before installing
4) Consider using multi-vendor multisig
Not investment advice! Consult a financial advisor.
Coldcard tamper-evident bag and features:
https://coldcard.com/docs/quick/
Coldcard verifies the firmware whenever it boots up:
https://coldcard.com/docs/physical-notes/
How to verify Coldcard firmware:
https://coldcard.com/docs/paranoid/
https://coldcard.com/docs/upgrade/#dont-trust-verify-the-firmware
Collaborative custody multisig with Unchained:
https://unchained.com/vaults
I am not being paid or otherwise compensated by any company or cryptocurrency project that I mention in my videos. My opinion is not for sale. Please do not contact me with any affiliate or advertising deals.
#Bitcoin
#DarkSkippy
#Coldcard
Disclaimer
Neither Matthew Kratter’s Bitcoin University, nor any of its directors, officers, shareholders, personnel, representatives, agents, or independent contractors (collectively, the “Operator Parties”) are licensed financial advisors, registered investment advisors, or registered broker-dealers. None of the Operator Parties are providing investment, financial, legal, or tax advice, and nothing in this video, on this YouTube channel, or at www.Trader.University or www.BitcoinUniversity.com (henceforth, “the Sites”) should be construed as such by you. This video, channel, and the Sites should be used as educational tools only and are not replacements for professional investment advice. Trading or investing in new and volatile assets like Bitcoin can be risky.
source
Get the paid course here:
https://www.bitcoinuniversity.com/join
This should be called “Hardware wallet attack” and not a bitcoin attack.
You should do a video on PSBT and how to use it with multisig. There is a lot of differences between how easy this is to use.
Just be because Ledger supports more alt coins does not effect my decision to use ledger. I don’t need to use crazy alt coin apps on my ledger.
Can u do an update video on Bitkey?
We see through the veil. Well done
good info. the only reaosn i gor jade was you. i feel better now. i just have a question. i use singlesig. but is this normal that i still got couple jades? i thought not to put all my eggs in one jade, so i got 3. does this really help? ive never seen anyone talk about using multi hardware wallets. they all say get a hardware wallet and done. id appreciate your response. thanks
Is it ok to use a 2 of 2 multisig from different vendors?
Wow seems like it would be easier to not use a hardware wallet.
Do you have a view on the Exodus wallet ?
Too much information.
I am NOT a “techie”, but like to keep an open mind to learning new things. This type of technical explanation (while it seems very useful) is VERY intimidating and will inevitably (and unfortunately) keep the masses from ever wanting to use bitcoin. Perhaps, like the internet of 1995, the nuts and bolts of using bitcoin will eventually become easy to use and store.
What about just keeping your money on the exchange? What’s the negatives of that?
Thanks Matt. Can you do a a review of Proton Walllet please?
You never explained how it "steals your seeds from deep inside your hardware wallet". If it's via a compromised firmware or hacked laptop it's obvious and nothing new.
holy shit!!
Does this affect Bitcoin that I hold on the Coinbase exchange, on my app on my phone?
Yeah, I bet you BTC is going to gain so much network adoption so fast..people are going to be using it as the new money in no time when all you have to do is understand two semesters worth of computer science to safely self-custody with 100% certainty. It’ll be a really big hit with the older generations who we all know are super zealous to adopt new technology
I got 5 BTC from scamming I don't need Univ but ty.
Before y'all start panicking, this is a potentially malicious event. All mainstream cold wallets check for malicious firmware. This is an essential aspect of their security model, as the integrity of the firmware is crucial for protecting the private keys stored on the device.
Hardware wallets have a secure element, which is a specialized chip designed to resist tampering and unauthorized access. The secure element ensures that only authenticated and non-malicious firmware can be installed on the device.
Firmware is cryptographically signed by wallet's developers. Before the firmware is installed or updated on the device, the secure element verifies the cryptographic signature to ensure that it comes from a trusted source. If the signature is invalid or the firmware has been tampered with, the installation is aborted.
Devices also use a secure bootloader that only allows the execution of firmware that has been verified. This prevents unauthorized or malicious firmware from running on the device.
If Ledger would want to hurt its customers there are simpler ways to do it than to use a skippy.
Not sure I understood what not to do but ok.
Sounds like the safest way is to not buy Bitcoin. Bitcoin is not safe to have even on a hardware wallet. Only computer programmers know how to operate these stupid things without it being hacked so this is a case for Bitcoin going down.
The ETF is a better option