Coinomi Wallet Allegedly Hacked, Over $60,000 Worth of Cryptocurrencies Missing

Warith Al Maawali is unhappy about losing $60,000 to $70,000 worth of cryptocurrencies that he stored in a wallet that appeared to be safe. According to the Oman-based programmer, the Coinomi wallet sent the passphrase of his account to a third-party server. This made his wallet vulnerable to attack and subsequently led to it being hacked.

Coinomi Wallet Sends Passphrase to Google API

In a report published by Warith Al Maawali, Coinomi’s wallet purportedly sent the 12-word passphrase of his account to a spell checker on Google’s API. As the phrase was typed into the text box, it was sent to the API without the user’s knowledge. As a result, 90 percent of his funds (Bitcoin, Ethereum, Litecoin, and Bitcoin Cash) held in the wallet were stolen.
Recounting the events that led to the loss, Al Maawali said he had downloaded the app from the official Coinomi website on February 14. He had trusted the authenticity of the wallet because it was recommended by reputable websites. As such, he entered the passphrase of the Exodus wallet he had been using into it.
However, after entering his passphrase, he noticed that only the setup file of the app was signed; the application itself was not digitally signed. He contacted Coinomi about the discovery, and the platform quietly replaced the app with a newer version. In the newer version, both the setup file and the application were signed.

Harm Has Already Been Done Despite Changes

Despite the changes that were made, it seems the harm had already been done. Al Maawali stated that days later, he discovered that his funds had been transferred to other wallets. Given his knowledge of hardware manipulation, the programmer decided to investigate how the hack may have occurred.
According to him, the only thing he had recently done was install the app. Besides, he recalls that there was an unsigned version, which he believes had a backdoor. Al Maawali also suspects that the hack may have been carried out by an insider, someone who has access to the developer’s code.
In his own words:

Please note that this security issue cannot be exploited by anyone except by the people who created it or have control over the backend.

Coinomi Was Asked to Take Responsibility for the Loss

Al Maawali said he disclosed the details of the event only after giving Coinomi over 24 hours to take responsibility for his losses. However, “they fixed the issue without notifying their users, and they kept procrastinating like scumbags to buy more time,” he said.
On February 27, a Reddit user also blamed Google for the loss of his EGEM cryptocurrency. The user claimed that his Google Drive account was hacked and, as such, the private keys stored in a text file were accessed. Nonetheless, there was no trace of third-party logins to the account from a different IP, device, or location.
