Show Posts
On 28feb2022 I get hacked, 2.4bitcoin from coinomi android wallet got stolen.
It's an old Android 7, Samsung Galaxy s6edge (no root).
In 2017-2019 I use Coinomi wallet to store my bitcoin because was simple easy to use.
In summer 2019 I decide to use that phone only like a "cold storage" I have coinomi app, windscribe vpn and google apps. I choose that because was simple , once a month I power the phone do the update on coinomi and the other apps checking the wallet and shut it down.
The Coinomi wallet do not have the BIP39 passphrase implement ate at that time but I secure the wallet with a passowrd , with a pin number in case somebody had the phone to be hard to unlock it.
At the end of February2022 I update the coinomi wallet to version 1.25.2 build 430 core 220 all work fine update done, I check the wallet the bitcoin was there (I also choose the feature " Mark do-not-spend " in case somebody open the wallet no amount was display ) but today I check the address of my wallet (I have it saved in tor browser to be simple to check the utxo ) and I see the coins were moved https://oxt.me/transaction/812f73d94bc1eb029e72930427ea27bee4e668accaad4d3fc167a24f1de364a5 how can this happen ? since nobody have access to the phone.
The seed was stored on paper ,nobody see it ,plus I wrote the words in other order so only I can know the right order.
I'm sure something was wrong with the update since is noot an open source wallet nobody knows what that wallet can send out butt I think the wallet send the seed out to somebody because passed 3 and half years and the seed was safe inside it only know happen..only after the update.
After 5 hops I saw the bitcoin Is sent to Binance exchange address https://oxt.me/transaction/2984598d66601f7cf922f819b32da464733ec00bd5e71ce76ca6627fdc97e38f I do not have a binance account but I chat with them to the live chat:
Greetings from Binance security team! We are very sorry to hear about your situation. Upon checking we have found that the funds are in Fixed Float wallet.
The funds appear in the blockchain to have been sent to Binance because Fixed Float is a Binance Broker, this means it is another company that has a wallet with Binance for its liquidity and order book. This broker has many users, so we don't know the exact end user who received your stolen funds, we only know the funds were transfer to the Fixed Float hot wallet.
I know fixedfloat is a noKYC exchange own by russians and many bitcoins come and go to the Hydra Market.
I talk on telegram with the support guy named Angelo and via support ticked but they say that the wallet is working perfect and they are on the market since 2014 and nobody have issues, some years ago I remember a guy that also lose funds from coinomi desktop wallet was a big fuss then but nobody believe it neither I but now I think something is not ok.
My question is how can somebody take the seed from the wallet if that wallet was shut down 95% of the time since summer 2019 ?
I was careful with the coinomi app , always FORCE STOP and only open the app if the VPN was on.
For me is very strange that my bitcoin was stolen after the update.
That update had something that read the seed and sent it out, I can't see other explication.
I just wanna share my experience , I do blame the guys that work on Coinomi , they always say the wallet is safe nobody lose funds it's impossible to be able to see your seed but the app is not open source so how can this be true ?
Via support ticket they wrote me this:
After looking through the details given we can confirm the transaction was sent from a device where Coinomi was installed. However, due to the nature of cryptocurrency transactions we cannot say 'whom' made this transaction since we are a non-custodial wallet software which means we do not track any sort of user data.
Coinomi is one of the most widely known multicoin wallets and also one of the easiest to use. This means it is more likely than you think for someone to select to restore any seed into Coinomi
Please could you tell me, do you access the app from the same IP all the time? Do you use a VPN?
FixedFloat reply via email:
We're sorry that you were subjected to theft of funds.
FixedFloat is an instant non-custodial exchanger. After the receipt of funds and the receipt of the required number of confirmations, the exchange takes place immediately.
We do not require any personal data for the exchange. We can only request a search of the server logs (IP, user-agent, language) from our technical specialists. But we need an official request from your regional police or other representative, from their official email address in order to issue confidential information.
After receiving an official request from law enforcement, we will be able to send server log data and order data.
Unfortunately, this is the maximum we can help in this situation.
I post this story on reddit they close the post, If i wrote on they telegram group they tell me to stop because the wallet is good.
I think was an inside job.. or can somebody tell me how the hacker get the seed from a wallet that is power off almost all the time?
One of the biggest loss of my life.
Here you can see how the hacker move the bitcoin
Binance support
And the wallet screenshots
