Important - Jaxx Vulnerability - #CryptoTrading

Jaxx wallet has a serious vulnerability that is being worked on, but at the moment it is still there.

News · By KarlVonBahnhof

Source: vxlabs.com

Even when your Jaxx has a security PIN configured, anyone with 20 seconds of (network) access to your PC can extract your 12 word backup phrase and copy it down. Jaxx does not have to be running for this to happen.

With the 12 word backup phrase, they can later restore your wallet, including all of your private keys, on their own computers, and then proceed to transfer away all of your cryptocurrency.

The main problem is that the Jaxx software encrypts the mnemonic using a hard-coded encryption key, instead of making use of a strong user-supplied password. (As Daira Hopwood points out in the comments, using the PIN would not be sufficient.)

This means we can easily read and decrypt the full recovery phrase from local storage using sqlite3 and some straightforward code.

I successfully tested this vulnerability on the Jaxx Chrome extension v1.2.17 and the Jaxx Linux desktop app 1.2.13.

If you have BTC, ETH, ETC or other coins in Jaxx, get them out now.

If you only ever used the Jaxx mobile apps, your coins are apparently safe (not if you use both desktop and mobile, though).

Update: People report stolen ETH, ETC and ZEC.

If you lost coins, report it on the Whalepool Telegram.
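The design flaw described above (a hard-coded encryption key instead of a key derived from a strong user-supplied password), shown beside a hardened form. This is an added example, not Jaxx's code or the vxlabs author's; the constant, the sample phrase and all function names are hypothetical.

```javascript
const crypto = require("crypto");

// Constructed sample phrase for the demo; not a real wallet backup.
const SAMPLE_MNEMONIC =
  "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima";

// AES-256-GCM helpers shared by both variants.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(key, box) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]).toString("utf8");
}

// WEAK: the key is a constant shipped inside the application (hypothetical
// value). Every install shares it, so the stored blob is only obfuscated.
const APP_KEY = crypto.createHash("sha256").update("constant-in-app-code").digest();
const sealHardcoded = (mnemonic) => seal(APP_KEY, mnemonic);
const openHardcoded = (box) => open(APP_KEY, box); // needs no user secret

// HARDENED: the key is derived from a user-supplied password with scrypt and
// a per-wallet random salt; nothing stored on disk is enough to decrypt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

function sealWithPassword(password, mnemonic) {
  const salt = crypto.randomBytes(16);
  return { salt, ...seal(deriveKey(password, salt), mnemonic) };
}

// Returns the mnemonic, or null when the password is wrong (GCM tag mismatch).
function openWithPassword(password, box) {
  try {
    return open(deriveKey(password, box.salt), box);
  } catch (err) {
    return null;
  }
}
```

A key-derivation function only slows guessing, so a short numeric PIN in place of the password would still fall to exhaustive search, which is consistent with the comment that using the PIN would not be sufficient.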

About the author

Written by KarlVonBahnhof

KarlVonBahnhof is also on Reddit. Chris belongs to the crypto trader class of 2013. He is located in the Americas most of the time, though you're most likely to meet him at r/BitcoinMarkets.

 
