Latest on ATNET:

#yield #defi
#crypto-fundamentals #masternodes
Web3  · 05/17/22

PSA - Jaxx Vulnerability (2017)

Altcoin Trading Blog
04/08/22 · Cryptocurrency wallets
A 2017 version of the Jaxx wallet has a serious vulnerability that is being worked on - but at the moment is there.
Daily Airdrops & Promos
Telegram
 

NOTE: This is an article from 2017 and is not relevant to the current versions of Jaxx.

2017 Jaxx Vulnerability Report

Sourcevxlabs.com

Even when your Jaxx has a security PIN configured, anyone with 20 seconds of (network) access to your PC can extract your 12 word backup phrase and copy it down. Jaxx does not have to be running for this to happen.

With the 12 word backup phrase, they can later restore your wallet, including all of your private keys, on their own computers, and then proceed to transfer away all of your cryptocurrency.

The main problem is that the Jaxx software encrypts the mnemonic using a hard-coded encryption key, instead of making use of a strong user-supplied password. (As Daira Hopwood points out in the comments, using the PIN would not be sufficient.)

This means we can easily read and decrypt the full recovery phrase from local storage using sqlite3 and some straight-forward code.

I successfully tested this vulnerability on the Jaxx Chrome extension v1.2.17 and the Jaxx Linux desktop app 1.2.13.

If you have BTC, ETH, ETC or other coins in Jaxx get them out now.

If you only ever used the Jaxx mobile apps your coins are apparently safe (not if you use both desktop and and mobile though).

Update: People report stolen ETH, ETC and ZEC


Disclosure: All products featured on AltcoinTrading.NET are independently chosen, but some of the links on this page are affiliate links. Read our full content disclosure to learn more.

Latest Airdrops & Bounties (Updates Mo + Thu nights)

airdrop BicycleFi Airdrop - A Telegram bot that wants you to follow a few things. Rew...
airdrop Slingshot Finance NFT airdrop - Slingshot finance is a new Web3 platform that airdrops NF...
airdrop AREA Metaverse airdrop (100k pool) - AREA tokens from a pool of 100k worth are airdropped to 2...
airdrop DYOR token airdrop - Follow and retweet for a chance to win some DYOR tokens.
bounty X Meta Fans Bounty (BSC BEP20) - Long running marketing bounty with 75k USD pool. Facebook...
bounty WhisperMSG Escrowed Bounty - 50k USD pool in $VOLR with escrow. Shilling on YouTube, T...
bounty UnitedCrowd (BSC) Bounty - 50k USD pool of tokens mostly for Bitcointalk (Twitter ge...
exchange promo Bitforex (all get paid) win 1 BTC by trading 10 USD of BTC - 🍕 22 May - 29 May
exchange promo Phemex Deposit Dazzle (up to 4500 USD, everyone gets paid) - until 1 Jun
exchange promo Kine DEX fee exclusive fee discount on ETH, SHIB and more - code 0B4D73C1
exchange promo Independent Reserve lists SOL - 17 May
exchange promo LocalCryptos Win 250 USD Amazon gift card - live