• Home
  • About Us
  • Contact Us
  • Disclaimer
  • Sitemap
  • Privacy Policy

Bitcoin Ransoms

  • Bitcoin News
  • Cryptocurrencys
  • Litecoin
  • Digital Currency
  • Ethereum
  • Payments
  • Banking
Home » CryptoCurrency » Hack » News » Security » Wallets » Users Report Losing $400,000 Due to Jaxx Wallet Vulnerability

Users Report Losing $400,000 Due to Jaxx Wallet Vulnerability

According to a report from Vx Labs, a vulnerability that allows hackers to steal cryptocurrencies from users has been discovered in popular cross-platform cryptocurrency wallet Jaxx, and has reportedly already led to $400,000 being stolen.
The report, published on Friday, shows its possible for hackers to extract a 12-word backup phrase, copy it, and then use it to restore the user’s wallet with all the private keys in it, so then all that’s left to do is transfer the funds to a wallet the hacker’s wallet.
The report reads:
Even when your Jaxx has a security PIN configured, anyone with 20 seconds of (network) access to your PC can extract your 12 word backup phrase and copy it down. Jaxx does not have to be running for this to happen.
Monero developer Riccardo “FluffyPony” Spagni tweeted about the report, presumably so something could be done about the vulnerability now that it was public, but nothing was done before users started reporting lost funds, as hackers took advantage of the vulnerability.PASF Riccardo Spagni @fluffypony
Uh oh, @jaxx_io seeds are stored unencrypted and are trivially exfiltrated off disk even if Jaxx isn't running.
https://
vxlabs.com/2017/06/10/ext
racting-the-jaxx-12-word-wallet-backup-phrase/ 
…

7:37 PM - 10 Jun 2017
Photo published for Extracting the Jaxx 12-word wallet backup phrase.

Extracting the Jaxx 12-word wallet backup phrase.

I was curious how easy it would be to extract the 12-word wallet backup phrase from a Jaxx cryptocurrency wallet desktop app / chrome extension install. After an hour or two of analysis, I can conc…
vxlabs.com
    •  
  •  171
  • 171 Retweets
    •  
  •  209
  • 209 likes
Twitter Ads info and privacy
An update published on Altcoin Trading shows that users have already reported losing as much as $400,000 in Bitcoin, Ethereum, Ethereum Classic, and Zcash. Users who only use Jaxx on their smartphones are reportedly safe, although those who use desktop versions of the wallet may be at risk.

Jaxx on Security

On Reddit, Jaxx & Decentral CTO Nilang Vyas stated that Jaxx is a hot wallet in which users shouldn’t keep large amounts, and that they believe to have found a balance between easy-of-use, security, and portability.
Ads:

One of the best Bitcoin and Altcoins Exchange With no more Maintenance like others
The CTO asked users not to use Jaxx if they are not comfortable with its security model, stating:
Please please please, if you do not feel comfortable with our security model do not use our products. We’re are creating for the masses a multi-platform, multi-coin interface for the blockchain ecosystem where users are in full control of their digital lives.
According to the post, the team behind Jaxx is “very comfortable” with its security model for hot wallets, and recommends users store large amounts of funds in hardware wallets. At the end of the post, he pointed out that in the future users will be able to secure their wallets using Trezor, Ledger, and Jaxx hardware wallets.
Based on the Nilang’s response, Vx Labs recommends users stay away from Jaxx if it does not fix the vulnerability.
Featured image from Shutterstock.
Tweet

Terimakasih anda telah membaca artikel tentang Users Report Losing $400,000 Due to Jaxx Wallet Vulnerability. Jika ingin menduplikasi artikel ini diharapkan anda untuk mencantumkan link https://eurouction.blogspot.com/2017/06/users-report-losing-400000-due-to-jaxx.html. Terimakasih atas perhatiannya.

Label: CryptoCurrency, Hack, News, Security, Wallets
Posting Lebih Baru Beranda
Diberdayakan oleh Blogger.

Copyright Bitcoin Ransoms: Users Report Losing $400,000 Due to Jaxx Wallet Vulnerability