Jaxx and Bitcoin Wallet Have Major Vulnerabilities, Reveals Cheetah Mobile

Thursday, 01/03/2018 | 12:07 GMT by Arnab Shome
  • The two wallets have a combined user base of more than one million.
Jaxx and Bitcoin Wallet Have Major Vulnerabilities, Reveals Cheetah Mobile
FM

One of the major issues with technology is security vulnerability, and Blockchain technology is not immune to these. On Tuesday, the security research arm of Cheetah Mobile revealed some major security issues with two widely used mobile-based cryptocurrency wallets - Bitcoin.com Wallet and Jaxx Blockchain Wallet.

Discover credible partners and premium clients at China’s leading finance event!

In a released statement, Cheetah Mobile Blockchain Research Lab said that its researchers came across these security vulnerabilities while researching for a whitepaper called “2018 Global Cryptocurrency Wallet Security White Paper”, which it published recently. The whitepaper itself explores the security threats related to private key storage on mobile cryptocurrency wallets.

According to the firm’s statement, Bitcoin Wallet stores mnemonic phrases in plain text format on the phone’s operating system, which is very unsafe considering the complexity of the operating system. A hacker can easily access Bitcoin Wallet’s mnemonic phrases using any app that bypasses security barriers to gain ROOT access.

The researchers further explained that hackers don't even need ROOT access to exploit the operating system vulnerabilities, as by simply connecting the charging port of the mobile phone to a hacker-controlled device, they can easily gain Bitcoin Wallet’s mnemonic phrases and private keys.

For Jaxx Blockchain Wallet, the process of gaining access to private keys is even simpler, as hackers can do this by decrypting codes of the wallet’s private key data files.

Cheetah Mobile Blockchain Research Lab’s senior researcher Wei Li said: “If a wallet isn’t designed properly, users face the possibility of their private keys being lost or stolen. We believe it’s important to issue this warning so that users can understand the risks of using certain wallets and protect their digital assets.”

The researchers even advised the users of both the wallets to transfer their holding Cryptocurrencies from these two wallets to other secure platforms.

“For users that have their digital assets stored in either of these wallets, Cheetah Mobile Blockchain Research Lab recommends that they immediately transfer them to a secure wallet such as SafeWallet, developed by Cheetah Mobile. SafeWallet possesses an innovative three-tiered security defense system and easy-to-use interface that allows users to safely and conveniently secure and manage their cryptocurrency assets,” the statement added.

Wallet vulnerabilities

Security vulnerabilities in cryptocurrency wallets are nothing new. Some of the biggest attacks had been pulled off by hackers on cryptocurrency wallet platforms stealing millions of dollars.

In November last year, around $300 million funds in cryptocurrencies were locked in the popular Parity Wallet due to some vulnerabilities, and later that month, news of another theft from a little-known wallet platform CoinPouch surfaced. On that occasion hackers stole $675,000 worth of Verge coins.

One of the major issues with technology is security vulnerability, and Blockchain technology is not immune to these. On Tuesday, the security research arm of Cheetah Mobile revealed some major security issues with two widely used mobile-based cryptocurrency wallets - Bitcoin.com Wallet and Jaxx Blockchain Wallet.

Discover credible partners and premium clients at China’s leading finance event!

In a released statement, Cheetah Mobile Blockchain Research Lab said that its researchers came across these security vulnerabilities while researching for a whitepaper called “2018 Global Cryptocurrency Wallet Security White Paper”, which it published recently. The whitepaper itself explores the security threats related to private key storage on mobile cryptocurrency wallets.

According to the firm’s statement, Bitcoin Wallet stores mnemonic phrases in plain text format on the phone’s operating system, which is very unsafe considering the complexity of the operating system. A hacker can easily access Bitcoin Wallet’s mnemonic phrases using any app that bypasses security barriers to gain ROOT access.

The researchers further explained that hackers don't even need ROOT access to exploit the operating system vulnerabilities, as by simply connecting the charging port of the mobile phone to a hacker-controlled device, they can easily gain Bitcoin Wallet’s mnemonic phrases and private keys.

For Jaxx Blockchain Wallet, the process of gaining access to private keys is even simpler, as hackers can do this by decrypting codes of the wallet’s private key data files.

Cheetah Mobile Blockchain Research Lab’s senior researcher Wei Li said: “If a wallet isn’t designed properly, users face the possibility of their private keys being lost or stolen. We believe it’s important to issue this warning so that users can understand the risks of using certain wallets and protect their digital assets.”

The researchers even advised the users of both the wallets to transfer their holding Cryptocurrencies from these two wallets to other secure platforms.

“For users that have their digital assets stored in either of these wallets, Cheetah Mobile Blockchain Research Lab recommends that they immediately transfer them to a secure wallet such as SafeWallet, developed by Cheetah Mobile. SafeWallet possesses an innovative three-tiered security defense system and easy-to-use interface that allows users to safely and conveniently secure and manage their cryptocurrency assets,” the statement added.

Wallet vulnerabilities

Security vulnerabilities in cryptocurrency wallets are nothing new. Some of the biggest attacks had been pulled off by hackers on cryptocurrency wallet platforms stealing millions of dollars.

In November last year, around $300 million funds in cryptocurrencies were locked in the popular Parity Wallet due to some vulnerabilities, and later that month, news of another theft from a little-known wallet platform CoinPouch surfaced. On that occasion hackers stole $675,000 worth of Verge coins.

About the Author: Arnab Shome
Arnab Shome
  • 6654 Articles
  • 102 Followers
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.

More from the Author

CryptoCurrency