To those in the crypto space: there seems to be a newly discovered vulnerability in the highly popular Jaxx cryptocurrency wallet that could possibly allow hackers easy access to your 12-word wallet backup phrase. It has been highlighted that the Jaxx developers are aware of this and have responded publicly that this security exploit does not need fixing, reminding users that Jaxx is a hot wallet suitable for storing small amounts of cryptocurrency.
Monero Lead Developer Criticizes Jaxx Wallet Security
Even Charlie Shrem, a known Bitcoin enthusiast and Jaxx Director of Business & Community Development, responded to the tweet.
Unauthorized access to your device allows hackers to retrieve your 12-word backup phrase, VxLabs continued; with it, they can easily recover your wallet and steal your money.
“With the 12 word backup phrase, they can later restore your wallet, including all of your private keys, on their own computers, and then proceed to transfer away all of your cryptocurrency.”
The Twitter post went on to provide a technical demonstration of the vulnerability and how it can be exploited, published by VxLabs. A link that describes the Jaxx security vulnerability in detail, and how it can be taken advantage of, can be found at the bottom of the post.
Jaxx Developer Response
Users soon reacted with skepticism, as the Jaxx developers say they are "very comfortable" with how their wallet works, regardless of this security flaw.
Jaxx CTO Nilang Vyas entered the thread to address these concerns regarding Jaxx security. His response, however, has raised concerns of its own: he confirms that this is not a critical Jaxx security flaw and instead used it as an opportunity to explain major points about Jaxx's current security model. Users who were unaware of this were left with the idea that Jaxx is not ideally the safest way of storing a "life-changing" amount of cryptocurrency, as mentioned by Charlie Shrem in his tweet.
Nilang told users that the Jaxx wallet was not meant to be used for long-term cryptocurrency storage. It was initially designed to be a hot wallet, Nilang said, and users should ensure the full security of their devices to prevent theft.
“We are very comfortable with this security model for Hotwallets,” Nilang wrote.
“The fact is there will always be tradeoffs between user experience, portability and security and we believe we’ve struck a great balance.”
If you thought that Jaxx is one of the most secure cryptocurrency wallets, then you should consider doing some in-depth research, as the developers have clearly stated that Jaxx is not a recommended solution for storing large amounts of cryptocurrency tokens. Since money is on the line, it is important that you trust any third-party services involved!
This is possible because of the way the Jaxx wallet encrypts the mnemonic phrase. It uses a hardcoded encryption key, which is not the best option. Even if users enable an additional PIN code or strong password, that is not taken into consideration in the encryption process. This allows anyone to read and decrypt the recovery phrase from local storage using a simple tool and code. It appears this issue affects both desktop clients and browser plugins alike.
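The design described above next to a corrected one, as an added example that is not Jaxx's code or the VxLabs demonstration: the constant key, sample phrase and function names are constructed for illustration, and scrypt with AES-256-GCM is one common choice for the corrected design, not something the post prescribes.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed sample values; not taken from Jaxx or any real wallet.
const SAMPLE_PHRASE =
  "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima";
const HARDCODED_KEY = nodeCrypto.createHash("sha256")
  .update("constant-shipped-inside-the-app").digest();

// AES-256-GCM helpers shared by both designs.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}
function unseal(key, box) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]).toString("utf8");
}

// Weak design: the key is a constant in the app; the PIN is only a UI gate.
function weakStore(phrase, _pin) {
  return seal(HARDCODED_KEY, phrase); // _pin never reaches the cipher
}
function weakLoad(box) {
  return unseal(HARDCODED_KEY, box); // readable without knowing the PIN
}

// Corrected design: the key is derived from the user's password with a
// per-wallet random salt, so stored data alone is not enough to decrypt.
function strongStore(phrase, password) {
  const salt = nodeCrypto.randomBytes(16);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  return { salt, ...seal(key, phrase) };
}
function strongLoad(box, password) {
  const key = nodeCrypto.scryptSync(password, box.salt, 32);
  try {
    return unseal(key, box);
  } catch {
    return null; // wrong password: GCM authentication fails
  }
}
```

A key-derivation function only helps when the secret has enough entropy; a short numeric PIN remains guessable offline, so the corrected design needs a real password.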
The safest way to store cryptocurrency is to use a hardware wallet like Trezor or the Ledger, especially when it comes to safekeeping a large portion of your cryptocurrency holdings. If you don't have the funds, consider getting Exodus. However, if you're still a fan of Jaxx because it supports more cryptocurrencies, then you should consider diversifying your tokens and avoid keeping them all in one nest; this means using multiple Jaxx accounts on different devices for safety.
Visit the official site of VxLabs, the group behind the discovery of the Jaxx backup phrase security flaw. They also have a temporary solution on how to secure your Jaxx wallet, if you're interested enough to learn how to securely store cryptocurrencies using Jaxx in the first place. I personally have a lot of different wallets in order to diversify my holdings and would never use one platform to store all of my tokens, even if it's a hardware wallet, because you never know what could possibly go wrong. Always question any service you're using, especially when it comes to trusting them with your hard-earned money. I would still consider using Jaxx Wallet; however, I wouldn't fully depend on its software to fully protect my assets, since you never know what exactly is going on in the digital realm.
With cryptocurrencies, you have to be your own bank and need to take full responsibility. Especially if you're investing, it is important to know that your assets are kept in a secure environment. Keep Steem in your Steemit account via Steem Power or Savings instead of leaving it on a crypto exchange, and remember to stay safe online.