Cryptocurrency wallets need to protect user funds at all times. In most cases, this is not much of a problem. A lot of mobile and desktop wallets are coded in such a way that they keep all information safe from harm. The Jaxx wallet, however, may be one major exception to this rule. It turns out one can extract the wallet’s backup phrase with relative ease. This is a big problem which will need to be fixed sooner rather than later.
According to a recent post, the Jaxx wallet has a bit of a problem. To be more specific, anyone with access to your computer can extract the mnemonic phrase which serves as a wallet backup. This can be done through direct and remote access alike. It is a very disturbing development, especially considering the Jaxx wallet doesn’t even need to be running. Knowing someone can steal your 12-word recovery phrase at any time is a very unpleasant experience.
The Jaxx Wallet Has a Security Flaw
This is possible because of the way the Jaxx wallet encrypts the mnemonic phrase. It uses a hardcoded encryption key, which is not the best option. Even if users enable an additional PIN code or strong password, that is not taken into consideration in the encryption process. This allows anyone to read and decrypt the recovery phrase from local storage using a simple tool and code. It appears this issue affects both desktop clients and browser plugins alike.
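The design flaw described above, next to a password-bound alternative, as an added Node.js example. It is not Jaxx's code: the key constant, the function names, the scrypt parameters and the sample phrase used to exercise it are all constructed for illustration.

```javascript
// Added example: every name and value here is constructed; this is not Jaxx code.
const crypto = require('node:crypto');

// Constructed stand-in for a key that ships inside the application.
const HARDCODED_KEY = crypto.createHash('sha256').update('constructed-app-constant').digest();
const SCRYPT = { N: 2 ** 14, r: 8, p: 1 }; // assumed cost parameters

// AES-256-GCM helpers shared by both designs.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}
function open(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Weak design: the password is collected but never reaches the key.
function storeWeak(mnemonic, _password) {
  return seal(HARDCODED_KEY, mnemonic);
}
// Anyone holding the stored blob and the application can call this; no secret is required.
function loadWeak(blob) {
  return open(HARDCODED_KEY, blob);
}

// Hardened design: the key is derived from the password with scrypt and a random salt,
// so the stored blob alone is not enough to recover the phrase.
function storeHardened(mnemonic, password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32, SCRYPT);
  return { salt, ...seal(key, mnemonic) };
}
function loadHardened(blob, password) {
  const key = crypto.scryptSync(password, blob.salt, 32, SCRYPT);
  try {
    return open(key, blob);
  } catch {
    return null; // wrong password: GCM tag verification fails
  }
}
```

The hardened form is only as strong as the password fed into it: a short numeric PIN can still be guessed offline, which is why the derivation uses a deliberately slow function.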
Most people are wondering if and how this problem can be fixed. Jaxx is a very popular cross-platform cryptocurrency wallet solution. It has one of the best user interfaces, and offers support for different currencies and tokens. The only way to keep the mnemonic safe is by having the desktop app’s local storage directory on an encrypted filesystem. The browser plugins are very difficult to fix right now unless Jaxx does so themselves. At this point, it is highly unlikely they will do so, though.
To put this into perspective, it appears the Jaxx team is aware of this problem. However, the team has no intention of fixing this flaw by any means. They feel the wallet should be used as a hot wallet, rather than a permanent storage solution. Anyone not feeling comfortable with this degree of security is advised to switch to a different wallet. Hardware wallet protection support is coming to Jaxx in the future, though. For now, it is best NOT to use this wallet whatsoever.