Toby Vervaart

Jun 13, 2017

Temporarily securing your Jaxx wallet

Recently it’s become public knowledge that Jaxx has a security flaw which enables an attacker to gain access to your mnemonic key very easily. This is pretty bad as any malware can now attack the Jaxx wallet regardless of whether the user has it open or not and can facilitate the theft of all coins in the wallet.

If you have Jaxx wallet on OS X it’s currently at risk. You can follow the below steps to secure it for the time being until you have a new wallet to transfer your funds to.

  1. Open Disk Utility (located in Applications/Utilities)

  2. From the File menu select New Image > Image from folder

  3. In the file selection dialog box press command + shift + gand enter ~/Library/Application Support/Jaxx and press go. Select the Local Storage folder.

  4. Name the dmg file whatever you’d like and select a location to save it to.

  5. Next to encryption select AES256 and enter a secure password. Don’t forget this password otherwise you’ll lose access to your Jaxx wallet.

  6. Next to image format select read/write.

  7. When you’re finished press save. Disk Utility will create the encrypted image for you. Make sure you back this image up.

  8. Double click on the disk image you’ve just created and enter your password to mount it.

  9. Open your terminal application (located in Applications/Utilities).

  10. Type cd ~/Library/Application\ Support/Jaxx and press enter.

  11. Type open . to open a Finder window in the Jaxx folder.

  12. Inside the Local Storage folder move the following files to the trash: file__0.localstorage & file__0.localstorage-journal

  13. Inside the terminal window type ln -s /Volumes/Local\ Storage/file__0.localstorage file__0.localstorage && ln -s /Volumes/Local\ Storage/file__0.localstorage-journal file__0.localstorage-journal This will symlink the files in your encrypted disk image to your computer.

  14. Open Jaxx and verify that everything is still working, then close it again.

  15. Unmount the disk image.

  16. Empty the trash.

Since the Jaxx localstorage files now reside in your encrypted disk image attackers should be unable to access them in order to decrypt your mnemonic key, thus keeping your wallet safe for the time being.

All you need to remember to do is to mount the disk image before you open Jaxx. If you forget to do this Jaxx will think no wallet currently exists and start it’s setup process.

Keep in mind that your key can still be stolen if an attack occurs while you have your disk imaged mounted but this process should keep your attack surface low whilst you change to a new wallet.