Decentral is seeing an increase in attempted scam attacks targeting Jaxx Liberty users. These attempted attacks are almost always of a social rather than technical nature, and there are steps you can take to avoid becoming a victim.
Review details of this activity, understand how our technology model works, and learn how to protect yourself from malicious actors in the cryptocurrency ecosystem. This advice is applicable to cryptocurrency wallets in general.
Sections in this article:
- What our software does
- What our software doesn’t do
- Jaxx Liberty’s security model
- Common scams directed at Jaxx Liberty users
- What Decentral is doing to protect users and combat scammers
- Protecting yourself from scammers
- What to do if you believe you have been the victim of a scam or hack
- Going forward: keeping your new wallet safe
What our software does
Jaxx Liberty is free software that acts as an interface to blockchain protocols. Used globally by millions of people around the world since 2015, its main function is to allow users to securely control and manage digital assets, such as Bitcoin and Ethereum. Jaxx Liberty is a non-custodial wallet, meaning users and users alone are in full control of the keys to their digital assets at all times. We never have the ability to hold, access, or transfer users’ cryptocurrency.
Jaxx Liberty is owned and operated by Decentral Inc., a Canadian company that develops security and privacy-related products. The mission of Decentral is to empower individuals with the tools they need to be in complete control of their digital lives.
What our software doesn’t do
Jaxx Liberty does not require personal information from its users. We don’t ask for it, and we don’t want it. Decentral is not an “exchange” or a “virtual currency dealer.” By never holding users’ funds, engaging in the sale of cryptocurrency, or charging our users, we avoid requirements to collect user information that might be sensitive.
We leave the business of buying and selling cryptocurrency up to third parties, whether that’s a local cryptocurrency exchange or an online international seller. We simply make software to manage the technical aspects of cryptocurrency.
This allocation of responsibilities provides excellent protection of users’ personal information because we simply don’t have it.
Jaxx Liberty’s security model
Jaxx Liberty has been designed to ensure traditional direct attacks on our software are dramatically minimized. We do this by following strict operational security protocols, never holding or having access to users’ funds, and by not asking users to provide any personal identifying information to use our software. As a non-custodial wallet, users and users alone are in full control of the keys to their digital assets. This means no servers exist that can be attacked to expose users’ 12-word backup phrases, private key(s) or passwords.
But criminals are resourceful, and they frequently target unsuspecting Jaxx Liberty users individually, tricking them into revealing their security credentials. They often do this by impersonating Decentral or Jaxx Liberty. They do this because technical attacks are much more difficult against Jaxx Liberty than social attacks.
Common scams directed at Jaxx Liberty users
Due to the value and specific characteristics of cryptocurrencies, criminal activity in the sector is rampant and on the rise. Bad actors are relentless at impersonating Decentral and our products by creating fake websites, support sites, advertisements, social media accounts, etc. Scammers even create illegal fake malicious copies of our software and bypass Apple and Google gatekeepers by successfully getting copycat apps approved for distribution on app stores. New attempts to separate users from their cryptocurrencies are appearing daily.
What Decentral is doing to protect users and combat scammers
Decentral is constantly looking for and filing take-down requests. We work closely with social media platforms and internet service providers to bring new scams to light and ensure unlawful distributors across the internet are taken down whenever possible. Many times these attempts are successful; many times they are not. The greatest challenge is when scam accounts and websites are hosted in jurisdictions and countries beyond the reach of the Canadian legal system. Along with take-down requests, we are constantly developing new ways to educate and inform our users on how they can protect themselves.
Protecting Yourself from Scammers
There are many things you can do to safeguard their digital assets. Knowledge is power, and understanding what you can expect from us and how to avoid phishing and hacking attempts will help ensure you remain in control of your digital assets.
Things Decentral and Jaxx Liberty will never do
- We will never ask for your 12-word backup phrase or private key(s) (we never need those to provide support or otherwise)
- We will never ask you to send funds anywhere (Jaxx Liberty is free and any correspondence you receive to send funds for any reason—including to “authorize” or “unlock” your account—is a scam).
- We will never send you unsolicited emails or DMs on any social media platform (users are not required to provide their emails to use our app. The only way Jaxx Liberty would have your email is if you signed up for MyJAXX rewards or sent our helpdesk a ticket)
- We will never send you a written letter (we don’t have your address and we don’t want it)
- We will never call you or ask you to call us (we don’t have your phone number and we don’t want it)
- We will never require you to provide personal identifying information (your information is yours and we don’t want it)
How not to fall for Phishing Scams
Phishing is an attempt to defraud users by tricking them into thinking they represent a trusted entity, such as Decentral, Jaxx Liberty, a partner organization, or even a government. Phishing can take many forms (fake apps, fake communications, fake social media accounts), but they are all an attempt to trick you into taking one or more of the following actions:
- revealing your 12-word backup phrase
- revealing your private key(s)
- sending crypto out of your wallet
- allowing remote access to your computer
- sending Fiat money somewhere
Here’s how to stop phishing attempts in their tracks:
Ensure you are using the official Jaxx Liberty app
The best way to ensure you are using the official Jaxx Liberty app is to always download it directly from us at jaxx.io/downloads.
Look for support in-app only
In an effort to help protect our users from fake support accounts on social media, we don’t offer support through social media. Instead, we direct users to our automated in-app help feature where Jazzy, our friendly support bot, guides users to the support they need.
Only follow official Jaxx Liberty social media accounts
These are our official social media accounts. If you follow any accounts other than those listed below or if you receive a direct message (DM) or an offer for support from someone claiming to work for Jaxx Liberty, it is a scam. As mentioned above, we do not provide support on any social media channels.
- Jaxx Liberty
How to protect your device from hacking attempts
Jaxx Liberty has been designed to ensure direct attacks are exceedingly difficult (unfortunately, nothing is impossible in the world of computer/phone security). There are several attack vectors directed at user devices that can make your wallet’s security details vulnerable to hackers, including key logging, which records the keys struck on your device.
Here are a few simple actions you can take to help ensure the security of your device:
- Keep your device up-to-date
- Use trusted antivirus/malware software
- Avoid opening suspicious emails or websites
If you have visited websites, downloaded files, or opened emails that seemed suspicious, your wallet’s security details may have been exposed due to exploitable flaws that may exist in the software of your device.
Jaxx Liberty software has never been breached. All cases of missing cryptocurrency have been tied to unauthorized access to the user’s wallet. Be vigilant: following the advice outlined above will help safeguard your digital assets.
What to do if you believe you have been scammed or hacked
If you believe you were the victim of a scam or hack, we recommend you report the incident to your local authorities for investigation.
There is nothing we can do to help you get your lost assets back. All blockchain transactions are final. The only means of recovery is to contact the person or people who own the address the transaction went to, and we have no knowledge of who those people may be.
You may wish to contact a forensic investigation company or technical expert who may be able to trace the transaction(s), inspect your device(s), or find out more about what happened. We have no more knowledge about the transaction than is publicly available. We are never involved in those transactions (and can’t be, because of the technical architecture of Jaxx Liberty).
Going forward: keeping your new wallet safe
If your wallet has been compromised and you choose to create a new Jaxx Liberty wallet, please follow these five important rules:
- Only download the Jaxx Liberty app from jaxx.io/downloads
- NEVER share your wallet’s 12-word backup phrase or your private key(s) with ANYONE, and store them securely offline
- Use Jaxx Liberty’s in-app support only
- Safeguard your device(s)
- Don’t use Jaxx Liberty as a savings account for your digital assets; it is not designed to be a cold storage device. Instead, use it as you would a chequing account and store any life-changing cryptocurrency amounts in a hardware storage wallet like Ledger or Trezor.
For additional tips to keep your new wallet safe and secure, please review our post “Staying Safe: Digital Wallet Security in an Insecure World.”