Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » Crypto Wallet Vulnerabilities Could Encourage Cheetahs

Crypto Wallet Vulnerabilities Could Encourage Cheetahs

by
Cheetah Mobile Blockchain Research Lab discovers cryto wallet vulnerabilities in Bitcoin and JAXX wallets.

Share this article

Cheetah Mobile, a Chinese mobile app company, recently released a report claiming to have found security vulnerabilities in two popular Bitcoin crypto wallets – Jaxx Blockchain Wallet and Bitcoin.com wallet.

Note that the company also just released their very own crypto wallet in the space called SafeWallet. Their white paper lists a number of tenets to follow when choosing a safe crypto wallet.

Cheetah Mobile has claimed to have notified both wallets of its findings.

Reported Vulnerabilities

The Blockchain Research Lab arm of the company discovered these problems within each individual app. For example in the Bitcoin Wallet, mnemonic phrases were saved in plain text format within the app. As this file format: “/data/data/com.bitcoin.mwallet”  exists within the phone’s operating system as a plain text – there is a possibility that a rogue app could gain ROOT access to to the system. If a user installs a malicious app, one that’s targeting a known BTC holder for example – they could gain access to the mnemonic phrases and compromise their private keys.

The way that Jaxx decrypts their private key files is by using an AES encryption algorithm. The  U.S. National Institute of Standards and Technology essentially considers this method as the gold standard of encryption, as it is the federal government standard. Cheetah Mobile makes no qualms into the security of this method, but claims that the Jaxx developer team has made a mistake in implementation. The AES-encryption was directly put into the app’s code rather than through random generation.

The fear is that once encrypted private key files have been taken and easily decrypted, user’s crypto wallets could be drained. Other third parties have found security flaws within Jaxx too. Like the fact that it stores your profile within an %APPDATA% folder. All of the information needed to access your account is within this file. If you were to take this data out and of the folder and open it up another PC – all of your information is there without the need to re-authenticate.

With this information a keen hacker could withdraw from your entire wallet in a few minutes without any additional authentication.

Room for Crypto Wallet Cooperation?

Throughout the years, there have been numerous hacks and attacks to both wallets and popular exchanges. Mt.Gox, which in 2014 was trading 70% of all bitcoins, was completely knocked out of commission. Popular exchanges like BItstamp have even been the victims of large scale hacks because of security flaws.

Rather than using security vulnerabilities in some one upmanship game of product differentiation, commercial entities within the wallet industry have an opportunity and responsibility to keep each other safe. A kind of Antivirus model in the crypto wallet space could foster an environment of increased security.

Standard security practices could be implemented and enforced so that the end consumer knows for a fact that they’re covered when they use a crypto wallet. This would by no means be a draconian measure forced on unwilling developers, but would instead set a guideline for security.

Have a favorite crypto wallet? Discuss it in our Telegram Group.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.