Chinese mobile app company Cheetah Mobile’s blockchain research arm, Cheetah Mobile Blockchain Research Lab, recently revealed it found two highly-used, mobile cryptocurrency wallets have “major security vulnerabilities” in them.
The security vulnerabilities were discovered as Cheetah Mobile was creating a white paper on cryptocurrency wallet security. The company claims that Bitcoin.com’s Bitcoin Wallet, and Jaxx Blockchain Wallet could see users lose funds as their private keys and mnemonic phrases aren’t properly secured.
Bitcoin.com’s Bitcoin Wallet, which currently has between 500,000 and 1,000,000 downloads on Android, can expose its users’ mnemonic phrases. That’s if a hacker manages to gain ROOT access to the mobile phone.
Moreover, the mnemonic phrases are reportedly stored in plain text on the user’s mobile device, and can be accessed through apps that can gain ROOT access to a device’s operating system (OS). The same thing can happen if a user connects a charging port to a hacker-controlled device.
Jaxx’s wallet, which currently has between 100,000 and 500,000 downloads on Android, could potentially give hackers access to its users’ private keys. According to Cheetah Mobile, hackers can use Android’s backup mechanisms to steal encrypted private key files, which will then have to be decrypted.
The company notes that Jaxx uses a practically unbreakable type of encryption. However, Cheetah Mobile adds that “the Jaxx team has made a major mistake,” and as such hackers can “easily decrypt” the files in which user’s private keys are stored on.
Wei Li, a senior researcher at Cheetah Mobile Blockchain Research Lab, stated:
“If a wallet isn’t designed properly, users face the possibility of their private keys being lost or stolen. We believe it’s important to issue this warning so that users can understand the risks of using certain wallets and protect their digital assets.”
Users advised to use other cryptocurrency wallets
Cheetah Mobile ends its press release by stating that users should switch to safer cryptocurrency wallets, to avoid being at risk. Earlier this year, the company launched its own cryptocurrency wallet dubbed “SafeWallet.” Expectedly, it advised users switch to SafeWallet as an alternative.
Although security isn’t something users should take lightly, switching to SafeWallet may not be the best move and users are advised to do their own research before anything else. As covered by Core Media, cybersecurity expert Lee Chen warned that this year cryptocurrency-related hacks are bound to increase.