ALERT !!! - Important - Jaxx Vulnerability; Extracting the Jaxx 12-word wallet backup phrase.

If you have BTC, ETH, ETC or other coins in Jaxx get them out now!!!
If you only ever used the Jaxx mobile apps your coins are apparently safe (not if you use both desktop and mobile though).

I was curious how easy it would be to extract the 12-word wallet backup phrase from a Jaxx cryptocurrency wallet desktop app / Chrome extension install. After an hour or two of analysis, I can conclude that this is unfortunately far too easy.

Even when your Jaxx has a security PIN configured, anyone with 20 seconds of (network) access to your PC can extract your 12 word backup phrase and copy it down. Jaxx does not have to be running for this to happen.

With the 12 word backup phrase, they can later restore your wallet, including all of your private keys, on their own computers, and then proceed to transfer away all of your cryptocurrency.

The main problem is that the Jaxx software encrypts the mnemonic using a hard-coded encryption key, instead of making use of a strong user-supplied password. (As Daira Hopwood points out in the comments, using the PIN would not be sufficient.)

This means we can easily read and decrypt the full recovery phrase from local storage using sqlite3 and some straight-forward code.

I successfully tested this vulnerability on the Jaxx Chrome extension v1.2.17 and the Jaxx Linux desktop app 1.2.13.

More: https://vxlabs.com/2017/06/10/extracting-the-jaxx-12-word-wallet-backup-phrase/
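
The design flaw described in the post above, shown as an added example that is not part of the original post and is not Jaxx code: a secret sealed under a key that ships with the application needs no user input to decrypt, while a key derived from a strong user passphrase does. All function names, the scrypt parameters and the sample values are assumptions made for illustration.

```javascript
// Added illustration (Node.js). Names and parameters are hypothetical, not Jaxx's.
const crypto = require('crypto');

// Assumed scrypt cost settings; tune for the target hardware.
const SCRYPT = { N: 1 << 14, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Weak pattern: the key is a constant inside the app, so it protects nothing
// once someone has both the app and the stored blob. Constructed value.
const HARDCODED_KEY = crypto.createHash('sha256')
  .update('constructed-app-constant').digest();

// Authenticated encryption with a fresh random nonce per message.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Throws if the key is wrong or the blob was modified (GCM tag mismatch).
function unseal(key, box) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]).toString('utf8');
}

// Hardened pattern: the key exists only while the user supplies a strong
// passphrase; the per-wallet random salt is stored beside the ciphertext.
function encryptWithPassphrase(mnemonic, passphrase) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(passphrase, salt, 32, SCRYPT);
  return { salt, ...seal(key, mnemonic) };
}

function decryptWithPassphrase(box, passphrase) {
  const key = crypto.scryptSync(passphrase, box.salt, 32, SCRYPT);
  return unseal(key, box);
}
```

A short numeric PIN fed into `encryptWithPassphrase` would still be weak, because the whole PIN space is small enough to try exhaustively; the passphrase has to carry real entropy.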

Copying/Pasting full texts without adding anything original is frowned upon by the community.

Some tips to share content and add value:

  • Using a few sentences from your source in “quotes.” Use HTML tags or Markdown.
  • Linking to your source
  • Include your own original thoughts and ideas on what you have shared.

Repeated copy/paste posts could be considered spam. Spam is discouraged by the community, and may result in action from the cheetah bot.

Thank You! ⚜

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://vxlabs.com/2017/06/10/extracting-the-jaxx-12-word-wallet-backup-phrase/

Not sure it's fair to call Jaxx insecure... Check out this post and decide for yourself.

https://steemit.com/jaxx/@xerxes612/jaxx-wallet-vulnerability