One of the major issues with technology is security vulnerability, and blockchain technology is not immune to these. On Tuesday, the security research arm of Cheetah Mobile revealed some major security issues with two widely used mobile-based cryptocurrency wallets – Bitcoin.com Wallet and Jaxx Blockchain Wallet.
In a released statement, Cheetah Mobile Blockchain Research Lab said that its researchers came across these security vulnerabilities while researching for a whitepaper called “2018 Global Cryptocurrency Wallet Security White Paper”, which it published recently. The whitepaper itself explores the security threats related to private key storage on mobile cryptocurrency wallets.
According to the firm’s statement, Bitcoin Wallet stores mnemonic phrases in plain text format on the phone’s operating system, which is very unsafe considering the complexity of the operating system. A hacker can easily access Bitcoin Wallet’s mnemonic phrases using any app that bypasses security barriers to gain ROOT access.
The researchers further explained that hackers don’t even need ROOT access to exploit the operating system vulnerabilities, as by simply connecting the charging port of the mobile phone to a hacker-controlled device, they can easily gain Bitcoin Wallet’s mnemonic phrases and private keys.
ATFX Q1 2020 Market Outlook Report: Weighing Geopolitical FactorsGo to article >>
For Jaxx Blockchain Wallet, the process of gaining access to private keys is even simpler, as hackers can do this by decrypting codes of the wallet’s private key data files.
Cheetah Mobile Blockchain Research Lab’s senior researcher Wei Li said: “If a wallet isn’t designed properly, users face the possibility of their private keys being lost or stolen. We believe it’s important to issue this warning so that users can understand the risks of using certain wallets and protect their digital assets.”
The researchers even advised the users of both the wallets to transfer their holding cryptocurrencies from these two wallets to other secure platforms.
“For users that have their digital assets stored in either of these wallets, Cheetah Mobile Blockchain Research Lab recommends that they immediately transfer them to a secure wallet such as SafeWallet, developed by Cheetah Mobile. SafeWallet possesses an innovative three-tiered security defense system and easy-to-use interface that allows users to safely and conveniently secure and manage their cryptocurrency assets,” the statement added.
Security vulnerabilities in cryptocurrency wallets are nothing new. Some of the biggest attacks had been pulled off by hackers on cryptocurrency wallet platforms stealing millions of dollars.
In November last year, around $300 million funds in cryptocurrencies were locked in the popular Parity Wallet due to some vulnerabilities, and later that month, news of another theft from a little-known wallet platform CoinPouch surfaced. On that occasion hackers stole $675,000 worth of Verge coins.