Crypto Game
  • Advertise
  • Submit a Press Release
  • Contact Us
Blockchain & Cryptocurrencies Tabloid
  • Finance & Blockchain News
  • Bitcoin News

    K Wave Media Boosts Bitcoin Reserves, Shares Surge 130%

    K Wave Media Plans Bitcoin Acquisition, Stock Surges 130%

    K Wave Media’s Stock Soars Amid Bitcoin Investment Plan

    K Wave Media to Acquire Bitcoin in New Strategy

    Michael Saylor Initiates Sale of Bitcoin-Themed Ties

    Trump’s Bill Sparks Bitcoin Enthusiasm Among Economists

  • Altcoin News
    • All
    • Bitcoin Cash
    • Cardano
    • EOS
    • Ethereum
    • Litecoin
    • Monero
    • Ripple
    • Stellar

    SEC Delays Decision on Canary’s Litecoin ETF Proposal

    SEC Delays Decision on Canary Spot Litecoin ETF

    SEC Postpones Decision on Canary’s Litecoin ETF Proposal

    SEC Postpones Decision on Canary Spot SUI ETF

    Cardano CEO Meets Franklin Templeton on Blockchain Strategy

    Dogecoin’s Bearish Pattern Indicates Upcoming 15% Price Drop

    Trending Tags

    • Ethereum
    • Bitcoin Cash
    • Litecoin
    • Monero
    • Ripple
  • Crypto 101
    • All
    • Cryptocurrencies
    • Exchanges
    • Services
    • Wallets
    Benefits Of Choosing the Right AI Trading Bot

    4 Benefits Of Choosing the Right AI Trading Bot

    Crypto Trading

    A Beginner’s Guide to Crypto Trading: Unlocking the World of Digital Coins

    BitcoinGames.com

    BitcoinGames.com Introduces the Ultimate Casino Gaming Experience with Bitcoin

    How AI is Helping Athletes and Fans Get the Most out of the Game

    From Training to Judging, AI is Entering the Ring

    Top 5 Websites for Buying Gift Cards with Crypto

    Clutch Savours – Gift Certificates You Can Buy with Crypto

    Layer 2 Blockchains

    Everything You Need To Know About Layer 2 Blockchains

  • Blockchain Events
No Result
View All Result
Blockchain & Cryptocurrencies Tabloid
No Result
View All Result

Major Coinomi Wallet Vulnerability Exposed

Anca F. by Anca F.
February 27, 2019
in Latest News
Coinomi vulnerability

A critical vulnerability was found in the crypto mobile wallet Coinomi when a user lost $60k-70k of cryptocurrency after he installed the app. According to users, the platform sent plain text seed phrases to Google API for spellchecking.

IT security consultant, Warith Al Maawali, is the person attributed to first discovering the problem. But he made this discovery at the cost of his own crypto, and because of this he made a website avoid-coinomi.com detailing the events and cautioning others to not use the service.

“First of all I admit it was my mistake trusting Coinomi wallet by inserting one of my main wallets (Exodus wallet) passphrase into their application,” Al Maawali wrote on his website.

“I wanted to shift some of the assets that were not supported by Exodus wallet using the same passphrase/seed.”

The consultant went on to explain that their main application, which was installed on February 14 by the user, was not digitally signed, and he alerted the Coinomi team through Twitter about this issue- but he had already entered his passphrase for his Exodus wallet into the non-signed one.

He noticed afterward on February 22nd that “more than 90% of my Exodus wallet assets were transferred to multiple wallet addresses and the first transaction began with BTC on 19th February 2019 around UTC 3:30 AM. Then followed by ETH (including ERC20 tokens), LTC and finally BCH.”

When he began delving deeper into the matter, he found out that the entire passphrase, which was written in plain text, was sent to a third party domain (googleapis.com) for spellchecking purposes.

“As a result, someone from Google’s team or whoever had access to the HTTP requests that are sent to googleapis.com found the passphrase and used it to steal my USD 60K – USD 70K worth crypto assets (at current market price). Anyone who is involved in technology and crypto-currency knows that a 12 random English words separated by spaces will probably be a passphrase to a cryptocurrency wallet,” u/warith wrote.

He alerted Coinomi of what he discovered, but he did not get the response he was expecting.

“Coinomi’s team did not reflect any responsible behavior and they kept asking me about the technical issue behind the bug because they were worried about their public image and reputation. They kept reminding me (kinda threatening me) of the legal implications if I go public with the information I have and they forgot their legal responsibility for my stolen crypto assets as well as the risk that impacts other users of the wallet.”

The user said he will be taking legal action against Coinomi LTD, should the company not take assume fault for the technical issue that has caused him financial damage. He also received a reward from Coinomi for finding the bug, but he is not satisfied with the response given to him in relation to his lost funds.

Coinomi apparently solved the bug and kept quiet. They have identified the addresses and blacklisted them, and the funds have not been touched since the incident.

This isn’t the first privacy breach Coinomi has experienced. Last year, user addresses were leaked by the wallet in plain-text on opening.

Tags: Coinomi walletCoinomi wallet vulnerabilitylost fundsSecurity bug
Previous Post

Wirex Extends Support to Include 10 New Fiat Currencies

Next Post

Best Cardano Wallets: Where to Store Your ADA

Anca F.

Anca F.

Related Posts

Ripple CEO Denies $5 Billion Circle Acquisition Rumor

by Solomon M.
June 4, 2025

Ripple's CEO denies acquisition rumors; market remains stable with no impact on digital assets.

JPMorgan Chase Accepts Bitcoin Crypto ETFs as Loan Collateral

by Solomon M.
June 4, 2025

JPMorgan Chase to accept Bitcoin and crypto ETFs for loans, marking institutional adoption.

Binance Enhances Alpha Points Security Against Bots

by Solomon M.
June 4, 2025

Binance upgrades systems to prevent bot abuse in Alpha Points program, ensuring fair access.

Moscow Stock Exchange Lists BlackRock Bitcoin ETF Futures

by Solomon M.
June 4, 2025

Moscow Stock Exchange lists futures on BlackRock's Bitcoin ETF, a regulated crypto product for Russian investors.

Donald Trump Jr. Denies Involvement in $TRUMP Memecoin

by Solomon M.
June 4, 2025

Donald Trump Jr. disclaims connection to $TRUMP memecoin, focusing on stablecoins and Bitcoin mining.

WazirX Relocates to Panama after Singapore Court Rejection

by Solomon M.
June 4, 2025

WazirX moves to Panama following a Singapore court's rejection of its restructuring proposal, impacting users' funds.

We Recommend

Top Rated Casinos
Bitstarz Casino

BitcoinCasino.io
Top Crypto Betting
1xBit.com
Top Rated Exchanges
Binance Exchange

Bityard.com
Top Advertising Services
Coinzilla Display Network
Top Crypto Wallets
Ledger Nano X

  • Terms and Conditions
  • Privacy Policy
  • Advertise
  • About Us
  • Contact Us

© 2018-2019 theccpress.com by Brantell Media.

No Result
View All Result
  • Finance & Blockchain News
  • Bitcoin News
  • Altcoin News
  • Crypto 101
  • Blockchain Events

© 2018 - 2019 theccpress.com, a Brantell Media project.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.