Bitcoin Forum
Author Topic: WARNING - Coinomi Wallet CRITICAL Vulnerability Made Me Lose My Life Savings  (Read 2100 times)
btyco
February 27, 2019, 07:50:32 AM
 #21

This is a great heads up on an unsecure wallet. Majority of mine are on a hardware wallet with others split across a desktop software wallet and even some on several different exchanges.

gmaxwell
February 27, 2019, 08:41:31 AM
Merited by LoyceV (4), nutildah (1), eternalgloom (1)
 #22

Don't use closed source wallets.

If anything this incident increases my (nearly zero) estimate of this wallet's security: Someone looked and found at least at the moment it was sending the key material only to Google. That is more secure than should have been expected.

Don't use closed source wallets.

Don't use wallets that support a zillion different cryptocurrencies (just supporting one securely is a task too hard for basically anyone to get right...).

Don't use closed source wallets.

I'm sorry to hear about the OP's loss.

Don't use closed source wallets.
Crypto Girl
February 27, 2019, 09:10:55 AM
 #23

There is another guy who launched a unique concept token to highlight such scams.

I think u should contact him and see if u guys can work on something together to spread more awareness about these now big scams

This is the Ann
https://bitcointalk.org/index.php?topic=5112397.0

May Ur steps end these incidents for ever.
That guy you're talking about is full of sarcasm in his body and he's actually funny but OP has a serious issue, it's his life savings.
Probably if this will happen to me I will not be able to sleep nor eat and maybe be depressed and even being sarcastic wouldn't help either way.

Perhaps who knows, out of frustration, OP will collab with this motherfuckercoin. We'll see then.

DeathAngel
February 27, 2019, 09:36:38 AM
 #24

Coinomi is effectively a web wallet, it's always a risk leaving a significant amount of coins in an online wallet. OP I feel for you, I really do but judging by how knowledgeable you seem & how eloquently you type I think you were probably aware of the risks.

Sadly you know yourself that this could have been avoided even by keeping your coins on a bitcoin core (QT) wallet.

anks
February 27, 2019, 09:37:24 AM
 #25

I am sorry for your loss. I also read about ledger nano and there are also issues.
It's hard to find a wallet to trust.

buwaytress
February 27, 2019, 09:37:44 AM
 #26

First saw this post on reddit. Suggest you move this to the Wallet Software section so people using the wallet can also be aware.

I can't technically say who or what's to blame for the loss of funds, but so many red flags with the way dev teams like Coinomi's that reminds me why I'm so reluctant to try these wallets. How Coinomi could ever not sign their main app is beyond me, for example.

I'd actually alert Google as well. It does sound like only someone on their team (as you saw with access to the HTTP requests to googleapis) took it.

kenzawak
February 27, 2019, 09:39:53 AM
 #27

I saw that on reddit and didn't talk about it anywhere because as of now, it's just one guy making a claim.
I'm not saying it's false but I'd wait for more information about the whole thing.
Pon13
February 27, 2019, 12:07:36 PM
Last edit: February 27, 2019, 02:16:00 PM by Pon13
 #28

This is indeed SAD.

Although it was known from last year incident with Luke Childs (you have it in your article as well) that coinomi are either malicious or incompetent or a bit of both. I state the latter not only because of their childish security issues/mistakes (they just had to enable SSL back then or their unsigned main app now) but from their responses when you tell them that something is wrong.

I hope somehow you get back your stolen funds.  
Thanks for sharing this !

BitcoinGirl.Club
February 27, 2019, 01:13:17 PM
 #29

Next time if you need to spell check your passphrase/seed and to make sure that you are following the English dictionary just use Coinomi wallet LMAO!

I have to give you the credit that you are dealing with this issue with a cool mind. I am really sorry to hear that this happened with you.


I'm used to software wallets since 2013 and never had such incident because I was taking proper security measures by isolating my crypto stuff.

Getting exploited by such stupid vulnerability was not in my list and I have learned it the hard way and hopefully the community learns from my expensive experience.
Thanks for sharing this with the community.

But your story is different from mine since you imported your passphrase from exodus wallet and maybe someone had spotted this since you really have decent amount.

This has nothing to do with his previous passphrase/wallet. In its simplest sense, OP lost his money because Coinomi has a backdoor which has been used by a hacker to get his passphrase. So whatever apps you use to generate the passphrase, you can fall for the same hack.

Maybe create a new wallet using Electrum, safest is to use 2/2 multiSig wallet. Transfer the balance to the new wallet. I hope no more people fall for this trick and lose their money.

eternalgloom
February 27, 2019, 01:53:36 PM
 #30

Fucking hell, I would literally be sick if I had lost such a big amount of money.
It's easy for people to criticize you for not choosing a proper wallet, but yeah, hindsight 20/20 right...

I hope you share this across multiple social media websites and keep doing this for at least a couple of weeks.
People should absolutely know that Coinomi sent passphrases over plain text for X amount of years(?)!

Without trying to be a dick about it, I would seriously recommend that you keep your life savings in a secure cold storage wallet.
Figure out a solution to do this securely and mostly offline, there are some great tutorials out there on how to do this.

Looking at your post, you obviously have the technical know-how to pick a more secure, more technical crypto storage solution.
Please do so in the future, if you're not totally done with cryptocurrency.

Callanta787
February 27, 2019, 02:40:02 PM
 #31

Presently I'm using coinomi wallet and I've been using coinomi wallet since 2016 I guess, the experience is always best than other wallets I've used so far, I don't have answer to your claim but I'm using the mobile version, since you using the windows version it might be true or your pc was already hijacked right before you import your passphrase, I'm sorry for your loss

eternalgloom
February 27, 2019, 03:04:38 PM
Merited by mocacinno (1)
 #32

Presently I'm using coinomi wallet and I've been using coinomi wallet since 2016 I guess, the experience is always best than other wallets I've used so far, I don't have answer to your claim but I'm using the mobile version, since you using the windows version it might be true or your pc was already hijacked right before you import your passphrase, I'm sorry for your loss

So, you haven't actually gone through the trouble of reading his post then?

Fact is that they sent passphrases in clear plain text to Google servers.
Whether you've personally had any issues with Coinomi is beside the point AND you're doing everyone a disservice by bringing that up.

Next time, maybe don't comment when you have no clue what OP is talking about.

Disclaimer: Look, I don't mind uninformed people asking questions or adding to the discussion, but I do mind when they're spreading misinformation.

Made in Chernobyl
February 27, 2019, 03:44:33 PM
 #33

Coinomi's official response: https://medium.com/coinomi/official-statement-on-spell-check-findings-547ca348676b
Rando444
February 27, 2019, 03:59:41 PM
 #34

I am really sorry to hear this. I have been using Coinomi for quite some time now and the reason I did was because they said that your keys and passphrase are stored in your own mobile and not a server. I thought it was safe all this time, but after reading your post I am having second thoughts. Again, I am really sorry for your loss :(
Zerbis
February 27, 2019, 04:04:54 PM
 #35

Someone should tell me if IPHONE app could have the same vulnerability?

bhadz
February 27, 2019, 04:23:07 PM
 #36

Sorry for your losses OP, I've got some altcoins sitting on my coinomi wallet and I'm just letting it there which I rarely visit.
My big question is why you use Coinomi to safe your asset worth $60K-$70K?
I have my life savings on crypto's too but I'm not storing it to a multi-wallet just like coinomi. I trust more ledger nano s than this kind of wallet. This is a very painful and expensive experience for OP, I hope you recover soon. I've decided to start moving those coins of mine.

South Park
February 27, 2019, 04:26:06 PM
 #37

I've never heard about this Coinomi wallet. Why didn't you just use one of the more popular and trusted crypto wallet services? Storing big amounts of coins into ONE wallet is always a big mistake...
This topic belongs to the Scam Accusations forums, I think...
The OP was using that wallet because there were some assets that were unsupported by the exodus wallet and he wanted to store those assets and he decided to use the coinomi wallet, it could have been a good idea to use a hardware wallet but now it is too late for him, so let this be a reminder, software wallets are not really the place to store huge amounts of money, if you have even just a few thousands of dollars worth of cryptocurrencies then you need to invest in a hardware wallet.
fer_coinomi
February 27, 2019, 04:59:38 PM
 #38

Please read Coinomi's official response on the incident: https://medium.com/coinomi/official-statement-on-spell-check-findings-547ca348676b
LoyceV
February 27, 2019, 05:16:37 PM
Last edit: February 27, 2019, 05:33:08 PM by LoyceV
Merited by mocacinno (1), buwaytress (1)
 #39

Please read Coinomi's official response on the incident: https://medium.com/coinomi/official-statement-on-spell-check-findings-547ca348676b
Let me quote from the Official Statement:
Quote
After the dust settles we all need to remember the names of those who chose self-assertion over general public safety and acted irresponsibly.
Was it really necessary to mention warith's full name 8 times?
Coinomi calls him a "blackmailer", "irresponsible", and claims funds are "possibly still controlled by him". The entire Official Statement reads like damage control to me.

eternalgloom
February 27, 2019, 05:29:27 PM
 #40

Please read Coinomi's official response on the incident: https://medium.com/coinomi/official-statement-on-spell-check-findings-547ca348676b

I know LoyceV already mentioned it above, but I'd like to reiterate what he said:

Did you really have to use his full name? Pretty unethical behavior at your end IMO.
That said, I am curious how OP's funds got stolen exactly. Seems unlikely that it was someone at Google's end.

Wouldn't the more likely scenario be that his own PC was already compromised?

Still doesn't make up for the vulnerability though.
