$400K stolen From A Jaxx Wallet User Due To Vulnerability of Jaxx

in #security8 years ago

image source : CoinTelegraph

There exists a massive vulnerability on popular crypto wallet Jaxx. It's on Jaxx's backup system. There is a problem in wallet backup phrase storage methods. And hackers are already exploiting this problem to steal cryptocurrency from users Jaxx wallets.

A researcher of Vx Labs discovered this vulnerability on the late the Friday. He said -

 “Even when your Jaxx has a security PIN configured, anyone with 20  seconds of (network) access to your PC can extract your 12 word backup  phrase and copy it down,” the report reveals. “Jaxx does not have to be  running for this to happen.” 

Now, a user of Jaxx wallet reported that he was robbed almost $400K worth cryptocurrencies including  Ethereum (ETH), Ethereum Classic (ETH) and Zcash.

Here is a screenshot of the theft -

image credit : CoinTelegraph

Vx meanwhile “strongly recommended” users “avoid” Jaxx in future -

“In the future users will be able to secure their Jaxx  wallet with both Trezor, Ledger and our own hardware wallets,” Vyas  continued. “Until that time, please use Jaxx as a hot wallet for small  amounts, and use hardware wallets for larger amounts.” 


Source : https://cointelegraph.com/news/jaxx-wallet-vulnerability-users-report-400k-funds-thefts

Sort:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://cointelegraph.com/news/jaxx-wallet-vulnerability-users-report-400k-funds-thefts

Moral of story: Do not trust anything except offline storage like hardware wallets (ledgers etc)