JAXX Wallet hacked. Supposedly they knew FRIDAY of the exploit.. (Random Thoughts)

in #bitcoin, 7 years ago

Okay, this is a serious story, but one that is based on the ignorance of both JAXX and the end user. Second, this exploit requires the hacker to have access to your computer for a period of 10/30 seconds. If you're educated on coins and have knowledge of computers, VPNs and hard wallets, then shame on you. Any and all transactions you make should be over a secured network and/or VPN, and your coins should have been on a hard wallet.

With all of that, I am wondering why @Jaxx.io didn't take the tweet from FluffyPony (a developer) seriously when he advised them of what I am sure JAXX already knew: that their security was less than IDEAL! https://vxlabs.com/2017/06/10/extracting-the-jaxx-12-word-wallet-backup-phrase/#update-extract-pin

This to me shows pure ignorance on the part of JAXX. It's also ignorance on the part of FluffyPony IF he didn't go to Jaxx privately first. He himself should be ashamed of himself for releasing the exploit info prior to working with Jaxx to get it all resolved.

IF you are new to how all of this works, then this is going to be eye-opening and going to scare the shit out of you. And it should... While I had a few coins on my JAXX wallet, I already knew the risk of putting them there. So when I checked this morning, I was relieved to see that they were there, and I immediately did what I should have done weeks ago (moved them to my Ledger Blue wallet). If you do not know what a Ledger Blue or a Ledger wallet is, please see this: https://www.amazon.com/Ledger-Nano-Cryptocurrency-hardware-wallet/dp/B01J66NF46
You can also view their website here - https://www.ledgerwallet.com

NOW the problem with the Ledger wallets is they aren't exactly user friendly. Even with the Ledger Blue, which is their top-of-the-line Ledger, they are cumbersome and you have to have some decent knowledge of how to use their devices. This is why the JAXX wallet was such a nice addition to the crypto ecosystem. It was simple to use, simple to navigate, and it just worked, but its strengths were also its weakness in my opinion.

Unlike many other wallets, Jaxx doesn't store any user information, wallet data, or funds on any centralized server. All wallet files are stored strictly client-side, which means that Jaxx has no central point of failure. As long as you have a written copy of your wallet's 12-word backup phrase, you will be able to back up or restore all wallet assets indefinitely.

That said, while it can't be hacked on a systemic level in the same way centralized services can, Jaxx is only as "safe" as your security practices are. If you lose your device or download malware onto your computer that grants remote access, malicious users may be able to access your wallet. Sweep your computer for malware regularly, take advantage of your device's built-in security features, and use the Security PIN option, which protects all functions that can be used to remove funds or keys.
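The paragraph above leaves the wallet's safety to whatever protects the client-side files. As an added example (not Jaxx's code and not from the original post), this Node.js sketch encrypts a backup phrase at rest under a key derived from a user passphrase; the function names, scrypt parameters and sample phrase are assumptions constructed for illustration.

```javascript
// Added example: passphrase-based encryption of a backup phrase at rest.
// All names and parameters here are hypothetical, not taken from any wallet.
const crypto = require('crypto');

// Constructed 12-word sample, not a real wallet phrase.
const SAMPLE_PHRASE =
  'alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima';

// scrypt cost parameters (assumed values; tune for the target device).
// A KDF slows guessing but adds no entropy: a short numeric PIN is not enough.
const KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

// Returns a JSON-serialisable record; only this record is written to disk.
function sealPhrase(phrase, passphrase) {
  const salt = crypto.randomBytes(16); // fresh salt per record
  const iv = crypto.randomBytes(12);   // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(phrase, 'utf8'), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Returns the phrase, or null when the passphrase is wrong or the record was altered.
function openPhrase(record, passphrase) {
  const b = (s) => Buffer.from(s, 'base64');
  try {
    const key = deriveKey(passphrase, b(record.salt));
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(record.iv));
    decipher.setAuthTag(b(record.tag));
    return Buffer.concat([decipher.update(b(record.ct)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM tag check failed
  }
}
```

With this layout, a copy of the stored file yields only the salt, nonce, tag and ciphertext, so its protection rests on the strength of the passphrase.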

This all should go without saying but there are people that are ignorant to Cryptocurrency. There are users that even though they know about Cryptos they are ignorant to computer security. These are all things you need to know before you get involved with any crypto.

  1. Get yourself a VPN for the computer that you do transactions on. If you have one computer and/or phone, get PIA (Private Internet Access) and pay the 5.00 a month.

  2. Get yourself a hardware wallet and learn how to use it.
    As mentioned above: LedgerWallet is one you can get on Amazon. Only get one of the top tier wallets from their site that have a display on them. I prefer the Blue but it's consistently on backorder.

Another wallet that I may get also is a KeepKey. You can read about them at https://www.keepkey.com/. It's a very cool wallet as well. Pretty pricey like the Blue BUT you get what you pay for.

***** WHEN YOU SET UP YOUR WALLET DO NOT LOSE THE KEY PHRASE THAT IT GIVES YOU ***** Write it down and put it somewhere secure. Put it in a safe deposit box. Some place where no one can get it!

  3. If you're using your phone, do not let anyone utilize your device. Not your children, not your friends, not people you think you can trust, NO ONE. I can't suggest that enough. DO NOT LET ANYONE USE YOUR DEVICE. Hell, I wouldn't let my girlfriend, mother, wife, child, dad, etc. use it... I trust NO ONE. Sounds shitty, right? The people closest to you are the ones more apt to take advantage of you.

  4. Let this be a lesson to anyone that anything can be exploited. If you take the steps to protect yourself from thievery, you're in a much better place. Oh, AND DO NOT TRUST ANYONE. I don't know if I said that or not. :)

Happy Tuesday!


When I saw the news about Jaxx earlier, I breathed a huge sigh of relief. I only got involved with BTC a week or so ago. I quickly found Jaxx and liked its cross-platform capabilities. But then the MacOS version lost the ability to refresh its status and refused to update the values.

While the iOS version continued to function well, I decided that I couldn't really trust my funds to a networked product that couldn't even handle the simplest of network tasks.

I posted a support ticket with Jaxx and then immediately moved my funds to a (hopefully) more secure wallet.

Thanks for the detailed and thoughtful article. Some very good points there, especially for us noobs.

You're welcome. Thank you for the reply. There was a lot of click bait and fear placed into users. When people hear hack these days they immediately think everything is stolen I suppose. Jaxx was hacked but it wasn't the worst possible thing that could happen - thank god! I do feel bad however for the noobies that are coming into the market excited and now feel like they have lost it all.

It's my hope that JAXX takes care of these people because at the end of the day their lack of encrypting data is what caused the issue. Their lack of listening to devs from security firms and from Fluffy (Monero Dev) is what caused a lot of this. This was really a circle of SHIT because the same people that "reported it" should have done so in a more quiet environment vs. putting it out there to vengeful hackers.

We will see what happens going forward of course. If JAXX doesn't lose their ass here and go bankrupt over it, you might see a much more secure system come out of it. One that I would rather see come now vs later. Make sure to look at some hard wallet options and of course make sure to make your PC secure as well. :)
