Author

Topic: JAXX WARNING! All of the ETC's stolen! (Read 244 times)

sr. member
Activity: 1246
Merit: 261
★ Investor | Trader | Promoter
July 20, 2018, 11:17:23 AM
#11
During my investigation I discovered that everything actually started nowhere other than on the Ubisoft server which is under severe Ddos attack these days. I remember that a few days before my coins were stolen, I received a message from Ubisoft account in which I was informed that I have been successfuly logged on (!!!!!!!!!!!!!!), but I haven't used that account for years, actually I have completely forgotten to have it opened. So the e-mail address was enough for the spiral to escalate. So, From the e-mail address they found on Ubisoft account, shitty thiefs were able to crack both Cryptopia and Hitbitc! (I have moved everything from there long time ago), then a simple ETC address on which some of coins were transfered was enough for miserable non existent JAXX security to be cracked. So, no more ubisoft, cryptopia, hitbtc and jaxx for me....I hope this experience might help others.
Honestly, this sounds like the OP has used the same login/password details on multiple sites... and those details have ended up in some of the massive password dumps that have been released (ie. the ones that "have I been pwned?" scans)

Using different passwords on each site... and 2FA (which I know Cryptopia offers) would negate a lot of these issues.

As for how the ETC disappeared... either the OP has a compromised machine and the well known Jaxx vulnerability has been exploited after his wallet files were transferred off the machine, or they did something to compromise the security of their wallet (uploaded a copy to online storage or saved a copy of their seed online etc).

Given the long list of sites that their accounts have been compromised on, I'd guess they stored a wallet backup or unencrypted copy of their seed on something like dropbox or email etc... and that account was also compromised.

Hopefully via browser password details he lost the funds on the jaxx wallet. I am also using the Jaxx wallet in my Android mobile but I did not find any loose and hacking problem so far in the wallets. Please keep the seed at the good place where no can to access towards it.

Then there are many ways to keep the wallet secured. You can enable pin for making transaction and then you can go with the Google authenticator also to have the security concerns for it.

Right. Depends on how secured the wallets are kept. Activate google 2FA authendication, Pin for transactions, store the key words written and stored in a secured place and do not store where public view is possible. More over get into the correct URL. Make sure your URL begins with https//:

Activate all the options provided by the respected wallet.
hero member
Activity: 966
Merit: 513
July 20, 2018, 09:42:01 AM
#10
During my investigation I discovered that everything actually started nowhere other than on the Ubisoft server which is under severe Ddos attack these days. I remember that a few days before my coins were stolen, I received a message from Ubisoft account in which I was informed that I have been successfuly logged on (!!!!!!!!!!!!!!), but I haven't used that account for years, actually I have completely forgotten to have it opened. So the e-mail address was enough for the spiral to escalate. So, From the e-mail address they found on Ubisoft account, shitty thiefs were able to crack both Cryptopia and Hitbitc! (I have moved everything from there long time ago), then a simple ETC address on which some of coins were transfered was enough for miserable non existent JAXX security to be cracked. So, no more ubisoft, cryptopia, hitbtc and jaxx for me....I hope this experience might help others.
Honestly, this sounds like the OP has used the same login/password details on multiple sites... and those details have ended up in some of the massive password dumps that have been released (ie. the ones that "have I been pwned?" scans)

Using different passwords on each site... and 2FA (which I know Cryptopia offers) would negate a lot of these issues.

As for how the ETC disappeared... either the OP has a compromised machine and the well known Jaxx vulnerability has been exploited after his wallet files were transferred off the machine, or they did something to compromise the security of their wallet (uploaded a copy to online storage or saved a copy of their seed online etc).

Given the long list of sites that their accounts have been compromised on, I'd guess they stored a wallet backup or unencrypted copy of their seed on something like dropbox or email etc... and that account was also compromised.

Hopefully via browser password details he lost the funds on the jaxx wallet. I am also using the Jaxx wallet in my Android mobile but I did not find any loose and hacking problem so far in the wallets. Please keep the seed at the good place where no can to access towards it.

Then there are many ways to keep the wallet secured. You can enable pin for making transaction and then you can go with the Google authenticator also to have the security concerns for it.
HCP
legendary
Activity: 2086
Merit: 4363
July 20, 2018, 03:48:12 AM
#9
During my investigation I discovered that everything actually started nowhere other than on the Ubisoft server which is under severe Ddos attack these days. I remember that a few days before my coins were stolen, I received a message from Ubisoft account in which I was informed that I have been successfuly logged on (!!!!!!!!!!!!!!), but I haven't used that account for years, actually I have completely forgotten to have it opened. So the e-mail address was enough for the spiral to escalate. So, From the e-mail address they found on Ubisoft account, shitty thiefs were able to crack both Cryptopia and Hitbitc! (I have moved everything from there long time ago), then a simple ETC address on which some of coins were transfered was enough for miserable non existent JAXX security to be cracked. So, no more ubisoft, cryptopia, hitbtc and jaxx for me....I hope this experience might help others.
Honestly, this sounds like the OP has used the same login/password details on multiple sites... and those details have ended up in some of the massive password dumps that have been released (ie. the ones that "have I been pwned?" scans)

Using different passwords on each site... and 2FA (which I know Cryptopia offers) would negate a lot of these issues.

As for how the ETC disappeared... either the OP has a compromised machine and the well known Jaxx vulnerability has been exploited after his wallet files were transferred off the machine, or they did something to compromise the security of their wallet (uploaded a copy to online storage or saved a copy of their seed online etc).

Given the long list of sites that their accounts have been compromised on, I'd guess they stored a wallet backup or unencrypted copy of their seed on something like dropbox or email etc... and that account was also compromised.
legendary
Activity: 1624
Merit: 2481
July 19, 2018, 02:28:30 PM
#8
Wooow, I think you personally believe JAXX is completely decentralised platform and they do not have any access to the user wallets....we're going to leave it there, because you obviously did not read my second  sentence in the original message. No point to discuss it with people who do not read nor understand.


So, you are talking about this (second) sentence:

I have Jaxx installed on one single device which turns on only to check the JAXX, also JAXX is pin protected and I have more layers of virus protection.


Then you obviously didn't read my first reply, because i have quoted exactly this sentence..

[...] and I have more layers of virus protection.

If this means, that you have multiple AV software installed, then this might have caused the lack of security.


I am sorry that you lost coins using jaxx, but users have been warned quite often since jaxx is known to be vulnerable (and buggy).
And i am also sorry to tell you that your coins havn't been stolen by jaxx developers.

It is a fact that the majority (i am talking about 70%+) of the users in the crypto space do not have a clue how to protect a wallet properly.
And unfortunately you seem to be one of them.

I know that the easiest way is to blame others, but unfortunately you are the only one who is responsible for the security of your coins.
Obviously, your setup wasn't as secure as you thought it was.

Take it as a lecture and try to understand what your mistake was. Try to learn from it instead of blaming others.
newbie
Activity: 4
Merit: 0
July 19, 2018, 02:15:06 PM
#7
[...] then a simple ETC address on which some of coins were transfered was enough for miserable non existent JAXX security to be cracked. So, no more ubisoft, cryptopia, hitbtc and jaxx for me....I hope this experience might help others.

Just because an attacker gained access to your exchange-accounts and one of your addresses, he still wouldn't be able to get the private key out of your jaxx wallet.
Those online services (accounts hacked or not) are not related to the theft of your coins (private keys) from your desktop wallet.

The only option is that your system is infected (assuming you did create a new seed in jaxx and didn't use an old seed which is accessible anywhere else).

An exchange account and your address can under no circumstances lead to your private key (stored locally on your PC) to be accessed.


So, either someone had physical access to your computer, your computer is infected or you have stored your seed somewhere not safe (e.g. anywhere online).

Wooow, I think you personally believe JAXX is completely decentralised platform and they do not have any access to the user wallets....we're going to leave it there, because you obviously did not read my second  sentence in the original message. No point to discuss it with people who do not read nor understand.

 
legendary
Activity: 1624
Merit: 2481
July 19, 2018, 08:56:53 AM
#6
[...] then a simple ETC address on which some of coins were transfered was enough for miserable non existent JAXX security to be cracked. So, no more ubisoft, cryptopia, hitbtc and jaxx for me....I hope this experience might help others.

Just because an attacker gained access to your exchange-accounts and one of your addresses, he still wouldn't be able to get the private key out of your jaxx wallet.
Those online services (accounts hacked or not) are not related to the theft of your coins (private keys) from your desktop wallet.

The only option is that your system is infected (assuming you did create a new seed in jaxx and didn't use an old seed which is accessible anywhere else).

An exchange account and your address can under no circumstances lead to your private key (stored locally on your PC) to be accessed.


So, either someone had physical access to your computer, your computer is infected or you have stored your seed somewhere not safe (e.g. anywhere online).
newbie
Activity: 4
Merit: 0
July 18, 2018, 06:22:42 PM
#5
All of my ETC coins have been stolen from JAXX wallet. I have Jaxx installed on one single device which turns on only to check the JAXX, also JAXX is pin protected

Jaxx is known to be extremely buggy and vulnerable.
Anyone with access to your PC can dump the private keys (regardless of opening Jaxx, PIN, etc.. ).

Unfortunately there isn't much you can do. The next time use a trusted wallet (e.g. best example of a light-weight one: electrum)


I'm using more different wallets for storage of the coins. But Jaxx and it's support...never ever.

[...] and I have more layers of virus protection.

If this means, that you have multiple AV software installed, then this might have caused the lack of security.
NEVER have more than one AV installed. With more than one AV software, they are interference each other, making your whole system way weaker than with just one AV.

Quote
Definitely make sure to properly(!) check your system for any malware. The best way would be to completely format your drive and reinstall your OS (do not use cracked (windows)OS, since they ALL(!) contain backdoors).

Actually, system is completely clean and 100% virus and malware free, with many layers of security I was thinking about something else (bot Hw and Sw). During my investigation I discovered that everything actually started nowhere other than on the Ubisoft server which is under severe Ddos attack these days. I remember that a few days before my coins were stolen, I received a message from Ubisoft account in which I was informed that I have been successfuly logged on (!!!!!!!!!!!!!!), but I haven't used that account for years, actually I have completely forgotten to have it opened. So the e-mail address was enough for the spiral to escalate. So, From the e-mail address they found on Ubisoft account, shitty thiefs were able to crack both Cryptopia and Hitbitc! (I have moved everything from there long time ago), then a simple ETC address on which some of coins were transfered was enough for miserable non existent JAXX security to be cracked. So, no more ubisoft, cryptopia, hitbtc and jaxx for me....I hope this experience might help others.


newbie
Activity: 17
Merit: 0
July 17, 2018, 04:47:41 AM
#4
Thank you for this post and thank you for updating us. I just installed JAXX on my iPhone to try their wallet... but i think i am going to uninstall this app, and continue using COINOMI.
legendary
Activity: 1624
Merit: 2481
July 17, 2018, 04:40:17 AM
#3
All of my ETC coins have been stolen from JAXX wallet. I have Jaxx installed on one single device which turns on only to check the JAXX, also JAXX is pin protected

Jaxx is known to be extremely buggy and vulnerable.
Anyone with access to your PC can dump the private keys (regardless of opening Jaxx, PIN, etc.. ).

Unfortunately there isn't much you can do. The next time use a trusted wallet (e.g. best example of a light-weight one: electrum)



[...] and I have more layers of virus protection.

If this means, that you have multiple AV software installed, then this might have caused the lack of security.
NEVER have more than one AV installed. With more than one AV software, they are interference each other, making your whole system way weaker than with just one AV.

Definitely make sure to properly(!) check your system for any malware. The best way would be to completely format your drive and reinstall your OS (do not use cracked (windows)OS, since they ALL(!) contain backdoors).
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
July 16, 2018, 06:49:08 PM
#2
Jaxx wallet is known a buggy wallet and there are many people use this wallet and stole their coins even they had all 3rd layer of security look at this old thread https://bitcointalksearch.org/topic/jaxx-bitcoinethereum-wallet-do-not-use-1434101

I advice to stop using their wallet and I suggest you to use coinomi wallet as alternative.
newbie
Activity: 4
Merit: 0
July 16, 2018, 04:15:35 PM
#1
All of my ETC coins have been stolen from JAXX wallet. I have Jaxx installed on one single device which turns on only to check the JAXX, also JAXX is pin protected and I have more layers of virus protection. In the last few months JAXX was really shitty with handling ETC coins, some weeks ago, it did not show proper ammount of ETC on any wallet, and they have assured us that everything is fine, wel it's not fine because anyone can go into JAXX wheter your device is on or off and take everything from it.

I contacted the JAXX support with very detailed explanation on what's happened and they really did not care about the clear case of theft, of course this shitty piece of their own shitty crap software is not their problem, instead of finding and stopping transactions, they have given me very smart instructions on how not to give my master password to anybody in the future, and also not to show anyone any of my personal JAXX details...very helpful.

My ETC coins have been transfered to this ETC addresses:


0x88e4bf14b72e20dca85b3271e0da05f6df50bf7d

0xfdd78ebe86c3c8027df7fd3b777a679841e0c727



Cheers.
Jump to: