Bitcoin Forum
May 20, 2019, 11:38:03 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Think my BTC got stolen in Jaxx Wallet....  (Read 220 times)
loke0g
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
May 15, 2019, 09:54:47 AM
 #1

Hi, I'm a newbie in crypto and I need some expert advise to confirm that my Jaxx wallet has been hacked and someone have stole my btc.

I bought bitcoin in Jaxx more than a year ago and since 6 months ago i stopped looking and checking the Jaxx wallet.

I checked today and found that there is a transaction back in mid January and someone transfer all my 0.0875 BTC out to other address.

The address was sent to 1P5roJZATHWENDV7r4y9ZHggckh6gTN9tu and the Trans ID is https://live.blockcypher.com/btc/tx/ef6deba62b33136d7c65f436244b44bd9fd33187ed6d771e8f2ac3b921c63fe1/

When I follow the address https://live.blockcypher.com/btc/address/1P5roJZATHWENDV7r4y9ZHggckh6gTN9tu/ , it shows this fella has been receiving bitcoin every now and then into this address.

Since I didn't do any transaction for more than 6 months, I guess this person somehow managed to hack into my Jaxx Wallet (I understand Jaxx is not secured =.= and silly me for being lazy to find another wallet and transfer out) and steal my btc. Am i right to say that?

Funny enough, I send an email to Jaxx Support and they recommend me to report to relevant authorities ( what the.......).

I guess there is no way I can retrieve back the btc isn't it?

This happen two weeks after my Android Phone was spoilt (can't open the phone at all) and I send it to Samsung center to fix. However the tech person said there is a major issue with the phone ...can't be fix hence give me a complete new phone. It make me wonder whether it is relevant. =/

Cheers
1558395483
Hero Member
*
Offline Offline

Posts: 1558395483

View Profile Personal Message (Offline)

Ignore
1558395483
Reply with quote  #2

1558395483
Report to moderator
1558395483
Hero Member
*
Offline Offline

Posts: 1558395483

View Profile Personal Message (Offline)

Ignore
1558395483
Reply with quote  #2

1558395483
Report to moderator
START MINING BTC NOW WITH NEW GENERATION S17 ANTMINER! BTC/BCH/LTC/ZCASH/DASH/ETH/DCR MINING PLAN AVAILABLE Highly Reduced Electricity Fee $0.067/T/DAY!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558395483
Hero Member
*
Offline Offline

Posts: 1558395483

View Profile Personal Message (Offline)

Ignore
1558395483
Reply with quote  #2

1558395483
Report to moderator
nc50lc
Sr. Member
****
Offline Offline

Activity: 588
Merit: 391


Self-proclaimed Genius ㊙️


View Profile WWW
May 15, 2019, 10:14:07 AM
 #2

First of all, there's no other way to recover your funds unless you can identify the culprit.

About your phone's "sploit", someone who gained access to it can't directly open your wallet if he didn't know our passphrase (or it wasn't encrypted?).

∙ If you ever exposed the backup (the 12-word seed or even private keys) to an easy to hack environment like email, cloud storage or your Phone's SD card/storage, that might be the reason.
∙ There are couple of fake Jaxx wallets that have spread over the internet, are you sure that the one you've used was legit?

███████████
██
██
██
██
██
██
██
██
██
██
██
███████████
#1
███████████
██
██
██
██
██
██
██
██
██
██
██
███████████
BTC 
  ●
   BTC
  BTC   
.
    ▄▄▄▀▀▀▀
 ▄██▀
███        ▄▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄▄▄
▀███▄▄▄▄▀▀▀                 ▀▀▄▄
  ▀▀▀██████████████████████████▀
   ▄█▄     ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
    ▀▀██▄▄█▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀▀
      ▄  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
      ▀██▄  ▄▀▀▀▀▀▀▀▀▀▀▀▀▄
        ▀█▀██████████████▀▀
         ▀█▄▄ ▄▄▄▄▄▄▄▄▄▄
            █▀▄▄▄▄▄▄▄▄▄▄▀
             ▀▀▄▄▄▄▄▄▄
.
     BTC
  BTC   
  ●
  BTC   
███████████
██
██
██
██
██
██
██
██
██
██
██
███████████
███████████
██
██
██
██
██
██
██
██
██
██
██
███████████
TryNinja
Legendary
*
Offline Offline

Activity: 1008
Merit: 1249


ChipMixer's Badge of Honor


View Profile
May 15, 2019, 10:16:19 AM
 #3

There is no way for you to recover them. Sorry.

It could have been stolen by the tech person that got your phone, or if you store your backup file online (Email, PC, etc). There is really no easy way to know what happened since that happened months ago.

Lucius
Legendary
*
Offline Offline

Activity: 1414
Merit: 1193


Fortis Fortuna Adiuvat


View Profile WWW
May 15, 2019, 10:25:29 AM
 #4

~snip~

I can only tell you that coins you have in your wallet are now in possession of a hacker, and so are likely to remain. Only way to get it back is to find hacker and force him to send it back to you, what's pretty unrealistic.

The first mistake you made is when you store coins in mobile wallet, and second was to use Jaxx wallet. I can not say for sure that you are victim of some vulnerability in Jaxx wallet, but back in 2017 one user is lost $400 000, and official response from Jaxx CEO is something like : "If you do not like our wallet, do not use it -We are happy how it works".

Do you remember how / where you store your seed words / private keys? There is a possibility that someone is came into possession of that data even before you phone is broken. We should not exclude the possibility that technicians from Samsung are also have opportunity to get your coins.

anu1908
Full Member
***
Offline Offline

Activity: 266
Merit: 165


View Profile
May 15, 2019, 03:02:43 PM
 #5

i can relate to jaxx with this. they probably think that it's not their fault at all, and your seed must somehow get exposed when your phone was being fixed.

what others said are important to understand what's the method that the hacker likely use. if for example, you don't set any passphrase, then it's easy to steal your bitcoin just by accessing your phone.

erikalui
Legendary
*
Offline Offline

Activity: 1638
Merit: 1048


Free Crypto in Stake.com Telegram t.me/StakeCasino


View Profile WWW
May 15, 2019, 03:43:49 PM
 #6

The address mentioned has been involved in another hacking incident: https://www.reddit.com/r/ethereum/comments/9yu0uo/can_please_help_me_i_logged_onto_my_exodus_wallet/

And this hacker is constantly sending coins to this address: 17262J1AXJpnVi13PMJXKSfSKztwz8RbV and somebody mentioned this on reddit
Quote
I tracked the BTC tx and finish at cryptonator.com

You can contact the website and get this hacker's address blocked. You can show proof that there are other victims too involved.

loke0g
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
May 16, 2019, 02:48:17 AM
 #7

Thanks guys. Learned my lesson. Guess I won't be able to get back my Btc. Sad Damn hacker. Hope karma come back to them.

Erikalui, Contact the website to get the hacker's address blocked....you mean cryptonator.com?

erikalui
Legendary
*
Offline Offline

Activity: 1638
Merit: 1048


Free Crypto in Stake.com Telegram t.me/StakeCasino


View Profile WWW
May 16, 2019, 06:54:47 AM
 #8

Thanks guys. Learned my lesson. Guess I won't be able to get back my Btc. Sad Damn hacker. Hope karma come back to them.

Erikalui, Contact the website to get the hacker's address blocked....you mean cryptonator.com?



Yes, cryptonator is a wallet and by sending proof that he hacked your coins, you should manage to get his wallet address blocked.

Go here: https://www.cryptonator.com/contact

Pmalek
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1031



View Profile
May 16, 2019, 09:22:35 AM
 #9

You didn't answer the questions asked by other members if you stored your seed or private keys somewhere on your phone or on an online service that could have been accessed from your phone? If that is the case it was very easy for the technician who worked on your phone to just copy that information and steal your bitcoins.
Do you know the name of the Samsung employee who tried to fix your phone? Maybe going back to the service centre and confronting him or talking to a manager could help. It is a long shot but who knows.

.FORTUNE.JACK.
      ▄▄███████▄▄
   ▄████▀▀ ▄ ██████▄
  ████ ▄▄███ ████████
 █████▌▐███▌ ▀▄ ▀█████
███████▄██▀▀▀▀▄████████
█████▀▄▄▄▄█████████████
████▄▄▄▄ █████████████
 ██████▌ ███▀████████
  ███████▄▀▄████████
   ▀█████▀▀███████▀
      ▀▀██████▀▀
         
         █
...FortuneJack.com                                             
...THE BIGGEST BITCOIN GAMBLING SITE
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██
█████████▀███████████▄
██████████▀   ▀██████████
█████████▀       ▀█████████
████████           ████████
████████▄   ▄ ▄   ▄████████
██████████▀   ▀██████████
 ▀██
█████████████████████▀
  ▀██
███████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
#JACKMATE
WIN 1 BTC
▄█████████████████████████▄
███████████████████████████
███████████████████████████
██████████▀█████▀██████████
███████▀░░▀░░░░░▀░░▀███████
██████▌░░░░░░░░░░░░░▐██████
██████░░░░██░░░██░░░░██████
█████▌░░░░▀▀░░░▀▀░░░░▐█████
██████▄░░▄▄▄░░░▄▄▄░░▄██████
████████▄▄███████▄▄████████

███████████████████████████
███████████████████████████
▀█████████████████████████▀
djhomeschool
Full Member
***
Offline Offline

Activity: 304
Merit: 132


View Profile
May 16, 2019, 09:24:31 AM
 #10

You didn't answer the questions asked by other members if you stored your seed or private keys somewhere on your phone or on an online service that could have been accessed from your phone? If that is the case it was very easy for the technician who worked on your phone to just copy that information and steal your bitcoins.
Do you know the name of the Samsung employee who tried to fix your phone? Maybe going back to the service centre and confronting him or talking to a manager could help. It is a long shot but who knows.

If his Jaxx wallet had the same password as his phone it would be easy indeed for the Samsung employee to steal the funds.
mjglqw
Hero Member
*****
Offline Offline

Activity: 938
Merit: 653


https://coinsources.io/bitcoin


View Profile WWW
May 17, 2019, 02:29:33 AM
 #11

Thanks guys. Learned my lesson. Guess I won't be able to get back my Btc. Sad Damn hacker. Hope karma come back to them.

Quite an expensive mistake mate. At least you now know what to do to prevent the same from happening future. Next time, always always prioritize security. Not to mention that I don't think Jaxx is a same enough wallet in the first place. I've read in the past that there are some vulnerabilities that some people saw, and that Jaxx refuses to fix them.

loke0g
Newbie
*
Offline Offline

Activity: 3
Merit: 0


View Profile
May 17, 2019, 09:27:12 AM
 #12

You didn't answer the questions asked by other members if you stored your seed or private keys somewhere on your phone or on an online service that could have been accessed from your phone? If that is the case it was very easy for the technician who worked on your phone to just copy that information and steal your bitcoins.
Do you know the name of the Samsung employee who tried to fix your phone? Maybe going back to the service centre and confronting him or talking to a manager could help. It is a long shot but who knows.


I didn't store Jaxx seed or private keys anywhere in my phone...i printed it out and store it in my drawer

But i didn't set any passphrase on my Jaxx too..only set up the 4 digit Pin on my mobile Jaxx wallet...but i think that 4 digit Pin must be quite easy to hack......?? =/
bob123
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1014



View Profile WWW
May 17, 2019, 09:36:45 AM
 #13

But i didn't set any passphrase on my Jaxx too..

On windows, you don't need any passphrase to access the private keys.

If you have access to the computer, you get access to the private key. The passphrase / pin protection of jaxx on windows is a gimmick, but doesn't do anything.
The sensitive information is stored unencrypted as plain text on your computer.. That's the sad part about jaxx..

mjglqw
Hero Member
*****
Offline Offline

Activity: 938
Merit: 653


https://coinsources.io/bitcoin


View Profile WWW
May 17, 2019, 02:56:03 PM
 #14

Just to add to what bob123 said..

I didn't store Jaxx seed or private keys anywhere in my phone...i printed it out and store it in my drawer
I mean, you printed it out. So you probably had to type the seed into your computer, right? That itself is a potential attack vector, easily through a keylogger.

Pmalek
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1031



View Profile
May 19, 2019, 01:09:12 PM
 #15

I mean, you printed it out. So you probably had to type the seed into your computer, right? That itself is a potential attack vector, easily through a keylogger.
It sure is but even if he didn't print it out and was infected with a keylogger his seed could still have gotten stolen because some keyloggers also take periodic screenshots of your screen and send the pictures to the attacker. 

.FORTUNE.JACK.
      ▄▄███████▄▄
   ▄████▀▀ ▄ ██████▄
  ████ ▄▄███ ████████
 █████▌▐███▌ ▀▄ ▀█████
███████▄██▀▀▀▀▄████████
█████▀▄▄▄▄█████████████
████▄▄▄▄ █████████████
 ██████▌ ███▀████████
  ███████▄▀▄████████
   ▀█████▀▀███████▀
      ▀▀██████▀▀
         
         █
...FortuneJack.com                                             
...THE BIGGEST BITCOIN GAMBLING SITE
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██
█████████▀███████████▄
██████████▀   ▀██████████
█████████▀       ▀█████████
████████           ████████
████████▄   ▄ ▄   ▄████████
██████████▀   ▀██████████
 ▀██
█████████████████████▀
  ▀██
███████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
#JACKMATE
WIN 1 BTC
▄█████████████████████████▄
███████████████████████████
███████████████████████████
██████████▀█████▀██████████
███████▀░░▀░░░░░▀░░▀███████
██████▌░░░░░░░░░░░░░▐██████
██████░░░░██░░░██░░░░██████
█████▌░░░░▀▀░░░▀▀░░░░▐█████
██████▄░░▄▄▄░░░▄▄▄░░▄██████
████████▄▄███████▄▄████████

███████████████████████████
███████████████████████████
▀█████████████████████████▀
bob123
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1014



View Profile WWW
Today at 06:36:02 AM
Merited by bones261 (2), HCP (2), vapourminer (1)
 #16

I mean, you printed it out. So you probably had to type the seed into your computer, right? That itself is a potential attack vector, easily through a keylogger.

It sure is but even if he didn't print it out and was infected with a keylogger his seed could still have gotten stolen because some keyloggers also take periodic screenshots of your screen and send the pictures to the attacker. 


You guys are complicating this too much.
This might be a very common attack vector for good desktop wallets.

But gaining access to funds stored in jaxx is way easier.

It is literally just one command to extract the mnemonic.

It is stored in a sqlite database (Windows: C:\Users\USERNAME\AppData\Roaming\Jaxx\Local Storage).

It can be extracted with:
Code:
sqlite> select value from ItemTable where key="mnemonic";

Even though the mnemonic is encrypted with AES.. this is quite useless because EVERY mnemonic on EVERY computer is encrypted the same way (same key, same IV)...
Which makes it senseless to encrypt it if every person knows how to decrypt every other persons mnemonic.

For the sake of completeness:
Code:
KEY = "6Le0DgMTAAAAANokdfEial"
IV  = "mHGFxENnZLbienLyALoi.e"


So.. you basically just need less than 60 seconds access to the computer to gain access to the mnemonic.
Doesn't matter if you can simply use that computer while the person owning that wallet is away, or via some malware.

You don't need any administrative privileges. Just standard user privileges the wallet is running with.


But hey.. Jaxx claims this is not a problem at all.
Because.. with a desktop wallet your funds are always as secured as your computer is... makes sense, doesn't it?  Roll Eyes

I mean.. if i let someone use my computer for less than a minute without internet access and without giving him the ability to insert an USB or similar.. my funds would be at risks with every wallet, right? RIGHT?
(Of course not!)


Jaxx is a joke.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!