Think my BTC got stolen in Jaxx Wallet....

[loke0g]

Hi, I'm a newbie in crypto and I need some expert advise to confirm that my Jaxx wallet has been hacked and someone have stole my btc.

I bought bitcoin in Jaxx more than a year ago and since 6 months ago i stopped looking and checking the Jaxx wallet.

I checked today and found that there is a transaction back in mid January and someone transfer all my 0.0875 BTC out to other address.

The address was sent to 1P5roJZATHWENDV7r4y9ZHggckh6gTN9tu and the Trans ID is https://live.blockcypher.com/btc/tx/ef6deba62b33136d7c65f436244b44bd9fd33187ed6d771e8f2ac3b921c63fe1/

When I follow the address https://live.blockcypher.com/btc/address/1P5roJZATHWENDV7r4y9ZHggckh6gTN9tu/ , it shows this fella has been receiving bitcoin every now and then into this address.

Since I didn't do any transaction for more than 6 months, I guess this person somehow managed to hack into my Jaxx Wallet (I understand Jaxx is not secured =.= and silly me for being lazy to find another wallet and transfer out) and steal my btc. Am i right to say that?

Funny enough, I send an email to Jaxx Support and they recommend me to report to relevant authorities ( what the.......).

I guess there is no way I can retrieve back the btc isn't it?

This happen two weeks after my Android Phone was spoilt (can't open the phone at all) and I send it to Samsung center to fix. However the tech person said there is a major issue with the phone ...can't be fix hence give me a complete new phone. It make me wonder whether it is relevant. =/

Cheers

[nc50lc]

First of all, there's no other way to recover your funds unless you can identify the culprit.

About your phone's "sploit", someone who gained access to it can't directly open your wallet if he didn't know our passphrase (or it wasn't encrypted?).

∙ If you ever exposed the backup (the 12-word seed or even private keys) to an easy to hack environment like email, cloud storage or your Phone's SD card/storage, that might be the reason.
∙ There are couple of fake Jaxx wallets that have spread over the internet, are you sure that the one you've used was legit?

[TryNinja]

There is no way for you to recover them. Sorry.

It could have been stolen by the tech person that got your phone, or if you store your backup file online (Email, PC, etc). There is really no easy way to know what happened since that happened months ago.

[Lucius]

~snip~

I can only tell you that coins you have in your wallet are now in possession of a hacker, and so are likely to remain. Only way to get it back is to find hacker and force him to send it back to you, what's pretty unrealistic.

The first mistake you made is when you store coins in mobile wallet, and second was to use Jaxx wallet. I can not say for sure that you are victim of some vulnerability in Jaxx wallet, but back in 2017 one user is lost $400 000, and official response from Jaxx CEO is something like : "If you do not like our wallet, do not use it -We are happy how it works".

Do you remember how / where you store your seed words / private keys? There is a possibility that someone is came into possession of that data even before you phone is broken. We should not exclude the possibility that technicians from Samsung are also have opportunity to get your coins.

[anu1908]

i can relate to jaxx with this. they probably think that it's not their fault at all, and your seed must somehow get exposed when your phone was being fixed.

what others said are important to understand what's the method that the hacker likely use. if for example, you don't set any passphrase, then it's easy to steal your bitcoin just by accessing your phone.

[erikalui]

The address mentioned has been involved in another hacking incident: https://www.reddit.com/r/ethereum/comments/9yu0uo/can_please_help_me_i_logged_onto_my_exodus_wallet/

And this hacker is constantly sending coins to this address: 17262J1AXJpnVi13PMJXKSfSKztwz8RbV and somebody mentioned this on reddit

I tracked the BTC tx and finish at cryptonator.com

You can contact the website and get this hacker's address blocked. You can show proof that there are other victims too involved.

[loke0g]

Thanks guys. Learned my lesson. Guess I won't be able to get back my Btc. Damn hacker. Hope karma come back to them.

Erikalui, Contact the website to get the hacker's address blocked....you mean cryptonator.com?

[erikalui]

Thanks guys. Learned my lesson. Guess I won't be able to get back my Btc. Damn hacker. Hope karma come back to them.

Erikalui, Contact the website to get the hacker's address blocked....you mean cryptonator.com?

Yes, cryptonator is a wallet and by sending proof that he hacked your coins, you should manage to get his wallet address blocked.

Go here: https://www.cryptonator.com/contact

[Pmalek]

You didn't answer the questions asked by other members if you stored your seed or private keys somewhere on your phone or on an online service that could have been accessed from your phone? If that is the case it was very easy for the technician who worked on your phone to just copy that information and steal your bitcoins.
Do you know the name of the Samsung employee who tried to fix your phone? Maybe going back to the service centre and confronting him or talking to a manager could help. It is a long shot but who knows.

[djhomeschool]

You didn't answer the questions asked by other members if you stored your seed or private keys somewhere on your phone or on an online service that could have been accessed from your phone? If that is the case it was very easy for the technician who worked on your phone to just copy that information and steal your bitcoins.
Do you know the name of the Samsung employee who tried to fix your phone? Maybe going back to the service centre and confronting him or talking to a manager could help. It is a long shot but who knows.

If his Jaxx wallet had the same password as his phone it would be easy indeed for the Samsung employee to steal the funds.

[mk4]

Thanks guys. Learned my lesson. Guess I won't be able to get back my Btc. Damn hacker. Hope karma come back to them.

Quite an expensive mistake mate. At least you now know what to do to prevent the same from happening future. Next time, always always prioritize security. Not to mention that I don't think Jaxx is a same enough wallet in the first place. I've read in the past that there are some vulnerabilities that some people saw, and that Jaxx refuses to fix them.

[loke0g]

You didn't answer the questions asked by other members if you stored your seed or private keys somewhere on your phone or on an online service that could have been accessed from your phone? If that is the case it was very easy for the technician who worked on your phone to just copy that information and steal your bitcoins.
Do you know the name of the Samsung employee who tried to fix your phone? Maybe going back to the service centre and confronting him or talking to a manager could help. It is a long shot but who knows.

I didn't store Jaxx seed or private keys anywhere in my phone...i printed it out and store it in my drawer

But i didn't set any passphrase on my Jaxx too..only set up the 4 digit Pin on my mobile Jaxx wallet...but i think that 4 digit Pin must be quite easy to hack......?? =/

[bob123]

But i didn't set any passphrase on my Jaxx too..

On windows, you don't need any passphrase to access the private keys.

If you have access to the computer, you get access to the private key. The passphrase / pin protection of jaxx on windows is a gimmick, but doesn't do anything.
The sensitive information is stored unencrypted as plain text on your computer.. That's the sad part about jaxx..

[mk4]

Just to add to what bob123 said..

I didn't store Jaxx seed or private keys anywhere in my phone...i printed it out and store it in my drawer

I mean, you printed it out. So you probably had to type the seed into your computer, right? That itself is a potential attack vector, easily through a keylogger.

[Pmalek]

I mean, you printed it out. So you probably had to type the seed into your computer, right? That itself is a potential attack vector, easily through a keylogger.

It sure is but even if he didn't print it out and was infected with a keylogger his seed could still have gotten stolen because some keyloggers also take periodic screenshots of your screen and send the pictures to the attacker. 

[bob123]

I mean, you printed it out. So you probably had to type the seed into your computer, right? That itself is a potential attack vector, easily through a keylogger.

It sure is but even if he didn't print it out and was infected with a keylogger his seed could still have gotten stolen because some keyloggers also take periodic screenshots of your screen and send the pictures to the attacker. 

You guys are complicating this too much.
This might be a very common attack vector for good desktop wallets.

But gaining access to funds stored in jaxx is way easier.

It is literally just one command to extract the mnemonic.

It is stored in a sqlite database (Windows: C:\Users\USERNAME\AppData\Roaming\Jaxx\Local Storage).

It can be extracted with:

Code:

sqlite> select value from ItemTable where key="mnemonic";

Even though the mnemonic is encrypted with AES.. this is quite useless because EVERY mnemonic on EVERY computer is encrypted the same way (same key, same IV)...
Which makes it senseless to encrypt it if every person knows how to decrypt every other persons mnemonic.

For the sake of completeness:

Code:

KEY = "6Le0DgMTAAAAANokdfEial"
IV  = "mHGFxENnZLbienLyALoi.e"

So.. you basically just need less than 60 seconds access to the computer to gain access to the mnemonic.
Doesn't matter if you can simply use that computer while the person owning that wallet is away, or via some malware.

You don't need any administrative privileges. Just standard user privileges the wallet is running with.


But hey.. Jaxx claims this is not a problem at all.
Because.. with a desktop wallet your funds are always as secured as your computer is... makes sense, doesn't it? 

I mean.. if i let someone use my computer for less than a minute without internet access and without giving him the ability to insert an USB or similar.. my funds would be at risks with every wallet, right? RIGHT?
(Of course not!)


Jaxx is a joke.