• Advertise
  • Submit a Press Release
  • Contact Us
Blockchain & Cryptocurrencies Tabloid
  • Finance & Blockchain News
  • Bitcoin News
    Tim Draper Urges Bitcoin Adoption, Predicts $250K by 2025

    Tim Draper Urges Bitcoin Adoption, Predicts $250K by 2025

    Tim Draper Reiterates Bitcoin Price Forecast for 2025

    Tim Draper Reiterates Bitcoin Price Forecast for 2025

    Tim Draper Advocates Bitcoin for Business Resilience

    Tim Draper Advocates Bitcoin for Business Resilience

    Tim Draper Reasserts Bitcoin $250k Target Amid Business Warnings

    Tim Draper Reasserts Bitcoin $250k Target Amid Business Warnings

    Brazil Considers National Bitcoin Reserve Proposal

    Brazil Considers National Bitcoin Reserve Proposal

    Brazil Explores Bitcoin Reserve with Parliamentary Hearing

    Brazil Explores Bitcoin Reserve with Parliamentary Hearing

  • Altcoin News
    • All
    • Bitcoin Cash
    • Cardano
    • EOS
    • Ethereum
    • Litecoin
    • Monero
    • Ripple
    • Stellar
    Hyperliquid's USDH Stablecoin Set for Imminent Launch

    Hyperliquid’s USDH Stablecoin Set for Imminent Launch

    Avantis Witnesses 35% Surge Post Listings

    Avantis (AVNT) Gains 35% After South Korean Exchange Listings

    Coinbase-Backed Avantis Token Surges Amid Airdrop Activity

    Coinbase-Backed Avantis Token Surges Amid Airdrop Activity

    BitMine Purchases Record Ethereum, Leads Corporate Holding

    BitMine Purchases Record Ethereum, Leads Corporate Holding

    Bitmine's Strategic Ethereum Acquisition

    Bitmine Acquires 276.8K ETH, Aims for 5% Supply Control

    Galaxy Digital Acquires Over 1.2M Solana Tokens

    Galaxy Digital Acquires Over 1.2M Solana Tokens

    Trending Tags

    • Ethereum
    • Bitcoin Cash
    • Litecoin
    • Monero
    • Ripple
  • Crypto 101
    • All
    • Cryptocurrencies
    • Exchanges
    • Services
    • Wallets
    Benefits Of Choosing the Right AI Trading Bot

    4 Benefits Of Choosing the Right AI Trading Bot

    Crypto Trading

    A Beginner’s Guide to Crypto Trading: Unlocking the World of Digital Coins

    BitcoinGames.com

    BitcoinGames.com Introduces the Ultimate Casino Gaming Experience with Bitcoin

    How AI is Helping Athletes and Fans Get the Most out of the Game

    From Training to Judging, AI is Entering the Ring

    Top 5 Websites for Buying Gift Cards with Crypto

    Clutch Savours – Gift Certificates You Can Buy with Crypto

    Layer 2 Blockchains

    Everything You Need To Know About Layer 2 Blockchains

  • Blockchain Events
No Result
View All Result
Blockchain & Cryptocurrencies Tabloid
No Result
View All Result

Major Coinomi Wallet Vulnerability Exposed

Anca F. by Anca F.
February 27, 2019
in Latest News
Coinomi vulnerability

A critical vulnerability was found in the crypto mobile wallet Coinomi when a user lost $60k-70k of cryptocurrency after he installed the app. According to users, the platform sent plain text seed phrases to Google API for spellchecking.

IT security consultant, Warith Al Maawali, is the person attributed to first discovering the problem. But he made this discovery at the cost of his own crypto, and because of this he made a website avoid-coinomi.com detailing the events and cautioning others to not use the service.

“First of all I admit it was my mistake trusting Coinomi wallet by inserting one of my main wallets (Exodus wallet) passphrase into their application,” Al Maawali wrote on his website.

“I wanted to shift some of the assets that were not supported by Exodus wallet using the same passphrase/seed.”

The consultant went on to explain that their main application, which was installed on February 14 by the user, was not digitally signed, and he alerted the Coinomi team through Twitter about this issue- but he had already entered his passphrase for his Exodus wallet into the non-signed one.

He noticed afterward on February 22nd that “more than 90% of my Exodus wallet assets were transferred to multiple wallet addresses and the first transaction began with BTC on 19th February 2019 around UTC 3:30 AM. Then followed by ETH (including ERC20 tokens), LTC and finally BCH.”

When he began delving deeper into the matter, he found out that the entire passphrase, which was written in plain text, was sent to a third party domain (googleapis.com) for spellchecking purposes.

“As a result, someone from Google’s team or whoever had access to the HTTP requests that are sent to googleapis.com found the passphrase and used it to steal my USD 60K – USD 70K worth crypto assets (at current market price). Anyone who is involved in technology and crypto-currency knows that a 12 random English words separated by spaces will probably be a passphrase to a cryptocurrency wallet,” u/warith wrote.

He alerted Coinomi of what he discovered, but he did not get the response he was expecting.

“Coinomi’s team did not reflect any responsible behavior and they kept asking me about the technical issue behind the bug because they were worried about their public image and reputation. They kept reminding me (kinda threatening me) of the legal implications if I go public with the information I have and they forgot their legal responsibility for my stolen crypto assets as well as the risk that impacts other users of the wallet.”

The user said he will be taking legal action against Coinomi LTD, should the company not take assume fault for the technical issue that has caused him financial damage. He also received a reward from Coinomi for finding the bug, but he is not satisfied with the response given to him in relation to his lost funds.

Coinomi apparently solved the bug and kept quiet. They have identified the addresses and blacklisted them, and the funds have not been touched since the incident.

This isn’t the first privacy breach Coinomi has experienced. Last year, user addresses were leaked by the wallet in plain-text on opening.

Tags: Coinomi walletCoinomi wallet vulnerabilitylost fundsSecurity bug
Previous Post

Wirex Extends Support to Include 10 New Fiat Currencies

Next Post

Best Cardano Wallets: Where to Store Your ADA

Anca F.

Anca F.

Related Posts

Bitmine Acquires 276.8K ETH Amid Market Dynamics

Bitmine Acquires 276.8K ETH Amid Market Dynamics

by Joshua T.
September 15, 2025

Bitmine Immersion Technologies buys 276.8K ETH, driving notable market impact.

Crypto Market Liquidations and Their Impact

Crypto Market Faces $309M Liquidation Impact

by Solomon M.
September 15, 2025

$309M crypto liquidated, $217M from longs, affecting key assets like BTC, ETH.

Market Liquidations Highlight Crypto Volatility

Crypto Market Hit: $309M Liquidations Recorded

by Solomon M.
September 15, 2025

$309M crypto liquidations in 24 hours, impacting BTC, ETH. Key exchanges involved.

Mastercard's Collaboration Enhances Crypto Payments via Stablecoins

Mastercard’s Collaboration Enhances Crypto Payments via Stablecoins

by Solomon M.
September 15, 2025

Mastercard partners with Web3 firms, expanding crypto payments with stablecoins for global transactions.

Mastercard and Ethereum Payments: Key Takeaways

Mastercard Does Not Yet Support Ethereum Payments Directly

by Solomon M.
September 15, 2025

Mastercard's focus remains on stablecoin integration, not Ethereum payments directly.

CoinGape Launches 2025 Crypto Education Initiative

CoinGape Launches 2025 Crypto Education Initiative

by Solomon M.
September 14, 2025

CoinGape begins Crypto Education Initiative 2025 to enhance blockchain literacy and transparency.

We Recommend

Top Rated Casinos
Bitstarz Casino

BitcoinCasino.io
Top Crypto Betting
1xBit.com
Top Rated Exchanges
Binance Exchange

Bityard.com
Top Advertising Services
Coinzilla Display Network
Top Crypto Wallets
Ledger Nano X

  • Terms and Conditions
  • Privacy Policy
  • Advertise
  • About Us
  • Contact Us

© 2018-2019 theccpress.com by Brantell Media.

No Result
View All Result
  • Finance & Blockchain News
  • Bitcoin News
  • Altcoin News
  • Crypto 101
  • Blockchain Events

© 2018 - 2019 theccpress.com, a Brantell Media project.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.