Bitcoin Forum
Author Topic: WARNING - Coinomi Wallet CRITICAL Vulnerability Made Me Lose My Life Savings  (Read 2040 times)
ribowo76
Full Member
***
Offline Offline

Activity: 784
Merit: 101

The World's 1st Waste to Green Energy DLT Project


View Profile WWW
February 28, 2019, 04:49:29 PM
 #61

Basically, I have long felt unsure about coinomi security. After reading this, my distrust became stronger. Hopefully this can be a warning for anyone to be more careful in storing crypto assets
mocacinno
Legendary
*
Offline Offline

Activity: 3388
Merit: 4919


https://merel.mobi => buy facemasks with BTC/LTC


View Profile WWW
February 28, 2019, 04:54:35 PM
 #62

I think the fault is from your end, spyware is already on your pc and the moment you type in your passphrase the spyware hijacked your keys, I'm using coinomi wallet presently with huge funds inside, but the actual real safest way is storing coins offline

So don't be surprised and say you weren't warned when your wallet gets drained some day...

bitbunnny
Legendary
*
Offline Offline

Activity: 2898
Merit: 1068


WOLF.BET - Provably Fair Crypto Casino


View Profile
February 28, 2019, 06:21:33 PM
 #63

This example is just showing that security is one of the key issues you should be aware of. Unfortunately many users ignore safety issues and don't pay enough attention to what kind of wallets and exchanges they use and how they can protect themselves. Learn from such mistakes and take care of your coins, don't think such things happen to someone else.

wwzsocki
Legendary
*
Offline Offline

Activity: 2744
Merit: 1708


First 100% Liquid Stablecoin Backed by Gold


View Profile WWW
February 28, 2019, 06:32:36 PM
Last edit: February 28, 2019, 09:43:56 PM by wwzsocki
 #64

I am really sorry for your loss OP and hope you will be able to get your funds back.

Still, don't understand why OP used this same password/seed words for two different wallets?

From what I know rule number one is to use different passwords/seed words always.

If Coinomi wallet seed words would be different then OP exodus wallet would never be hacked. Am I right?

How they managed to find that these seed words are from Exodus wallet? Do they check all wallets out there? Strange.



Re-read the OP's post... He had some tokens (probably ERC20 tokens) that were sent to him but were not supported by his exodus wallet. Since he wanted to manipulate these tokens, he had to enter his seed phrase in a compatible wallet that did support these tokens. If he would have created a new seed phrase in coinomi he wouldn't have been able to manipulate the tokens that were sent to an address generated by his exodus wallet.

As for the second part of your question: there are 2048 words in the dictionary... A simple parser looking for a 12 or 24 words phrase consisting of solely words from this dictionary would suffice.

I used coinomi to keep some spending money, but i have moved everything but tBTC and tLTC from coinomi and i'll never use the application again, ever... It's not just the fact that they had a vulnerability, it's the way they behaved afterwards.

Thank you very much for this explanation. Of course, a little merit for you.

This is something new for me despite I am using tokens from start and have multiple holdings. Maybe because I have never used wallets like Coinomi so far.
Never trusted them and from what I see I am totally right.

Even the best online wallet today can be vulnerable tomorrow because of a service update he depends on. Even such one as spelling check. This is something to think about if anybody will try to use these wallets. I haven't even mentioned dangers like malicious insiders or hackers.
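
The reply quoted in the post above notes that a phrase built only from the 2048-word dictionary is easy to pick out of any text. The same property lets a defender scrub such phrases before text leaves an application (to a log, a crash report or a remote service). This is an added example, not code from any poster or from Coinomi; it also covers the 15-, 18- and 21-word lengths, the function names are hypothetical, and the word list is a constructed 24-word subset of the BIP39 English list.

```python
import re

# Constructed subset (the first 24 BIP39 English words) so the example runs
# offline. A real filter loads the full 2048-word list instead.
WORDLIST = frozenset("""abandon ability able about above absent absorb abstract
absurd abuse access accident account accuse achieve acid acoustic acquire
across act action actor actress actual""".split())

VALID_LENGTHS = (12, 15, 18, 21, 24)   # mnemonic lengths defined by BIP39
TOKEN = re.compile(r"[A-Za-z]+")        # digits and punctuation are skipped,
                                        # so "1. abandon 2. ability" still matches


def find_mnemonic_runs(text, wordlist=WORDLIST, min_len=min(VALID_LENGTHS)):
    """Return (start, end, word_count) for every run of consecutive wordlist
    words that is at least min_len words long. No checksum is verified:
    for redaction, a false positive is cheaper than a leaked seed."""
    spans, run = [], []

    def flush():
        if len(run) >= min_len:
            spans.append((run[0].start(), run[-1].end(), len(run)))
        run.clear()

    for match in TOKEN.finditer(text):
        if match.group().lower() in wordlist:
            run.append(match)
        else:
            flush()          # a non-dictionary word ends the current run
    flush()                  # run that reaches the end of the text
    return spans


def redact(text, wordlist=WORDLIST, marker="[REDACTED-MNEMONIC]"):
    """Replace every detected run with a marker; other text is untouched."""
    out, pos = [], 0
    for start, end, _count in find_mnemonic_runs(text, wordlist):
        out.append(text[pos:start])
        out.append(marker)
        pos = end
    out.append(text[pos:])
    return "".join(out)


# Constructed sample input; the 12 words are not a real wallet seed.
SAMPLE = ("restore with: abandon ability able about above absent absorb "
          "abstract absurd abuse access accident thanks")
ORDINARY = "I was able to access my account about noon"

if __name__ == "__main__":
    print(redact(SAMPLE))
    print(redact(ORDINARY))
```

Running the filter on every outbound string is only a backstop; the seed input field itself should never be handed to a component that transmits its contents.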


gentlemand
Legendary
*
Offline Offline

Activity: 2590
Merit: 3013


Welt Am Draht


View Profile
February 28, 2019, 10:03:26 PM
 #65

Unquestionably slack on Coinomi's part, but I don't believe anyone at Google helped themselves to the seed and I don't think this thread would exist if this vulnerability hadn't been sprayed all over the news.

Either this thread is fantasy or the seed was picked up by someone else by other means.
warith (OP)
Newbie
*
Offline Offline

Activity: 10
Merit: 51


View Profile
March 01, 2019, 02:02:34 AM
Last edit: March 01, 2019, 02:52:11 AM by warith
Merited by LoyceV (2)
 #66

As you know Coinomi has announced their official sloppy response and it was very clear how they diverted the whole situation into "blackmailing" thing.

They focused on my personal image and hired some of their trolls to trash-talk me on social media (especially Twitter because it's less moderated).

They tried to run away from responsibility and portray that the vulnerability is "harmless" (based on their hired trolls). Moreover, they kept deleting some of their tweets when they got struck by facts.

Here are some examples of how childish, unprofessional and misleading their tweets are:
https://twitter.com/warith2020/status/1101054666232745984
https://twitter.com/warith2020/status/1101055824368148480
https://twitter.com/warith2020/status/1101057557010006016
https://twitter.com/warith2020/status/1100898781598531591
https://twitter.com/warith2020/status/1101135909481861120

They even literally blackmailed a known community member by legal actions to limit his freedom of speech because he expressed his "technical" thoughts:
https://twitter.com/warith2020/status/1101048089626984449

I have never ever seen a company with that kind of attitude and to me they lost all credibility. If you still trust them with your crypto-assets then I wish you all the best luck.

Finally, I will be posting my official response to their official announcement very soon. It will answer all the questions raised by the community and will contain some exciting evidence on my claims.

To stay calm and have some LOLs check out this Coinomi's Meme (classic & original):
https://twitter.com/dukeleto/status/1100696093673824256
joniboini
Legendary
*
Offline Offline

Activity: 2184
Merit: 1792



View Profile WWW
March 01, 2019, 03:07:47 AM
 #67

I don't know who controls that Twitter account, but their response is really unprofessional imo. Starting from threatening to framing people just because they take part in how their vulnerability spread out to the public. I think any sane person won't use their wallet anymore, not only it's a closed source, but also because they have a terrible PR.

warith (OP)
Newbie
*
Offline Offline

Activity: 10
Merit: 51


View Profile
March 01, 2019, 03:29:01 AM
 #68

I don't know who controls that Twitter account, but their response is really unprofessional imo. Starting from threatening to framing people just because they take part in how their vulnerability spread out to the public. I think any sane person won't use their wallet anymore, not only it's a closed source, but also because they have a terrible PR.


Probably their management (founders). As I said in my original post:
Quote
It seems the founders are the developers of the application and they don’t like anyone who criticizes their ugly baby creation “Coinomi” wallet. They think that they are the code gurus fallen from the heavens who write perfect code.

They took everything at personal level and that's very clear in their tweets!
pushups44
Sr. Member
****
Offline Offline

Activity: 854
Merit: 281


View Profile
March 01, 2019, 03:46:31 AM
 #69

I read about this vulnerability online, and one article was skeptical about your claims, but I take no side in this dispute as I am not involved. I hope, if your story is true, that you will be able to get your funds back through litigation. I think one lesson we all can learn from this is not to trust the Google cloud for storing highly sensitive financial or personal information.
Pon13
Full Member
***
Offline Offline

Activity: 670
Merit: 130



View Profile WWW
March 01, 2019, 02:14:16 PM
 #70

Ivan on Tech - ALL HODLERS BEWARE! INSIDER JOB?
Programmer explains
Quote
A person lost their life savings from the COINOMI crypto currency wallet. Today we talk about how that hack happened exactly, how COINOMI let this happen and what the likely chain of events was. Another important aspect is how COINOMI responded to this issue and communicated this to the public. We will also discuss the fact that many miners mine empty blocks and why they do it.

https://www.youtube.com/watch?v=5WgD8YOqfLM

Bill Hicks was right about....everything
angel55
Full Member
***
Offline Offline

Activity: 630
Merit: 172



View Profile
March 01, 2019, 04:31:46 PM
 #71

The replies from coinomi are very concerning and I would recommend that no one use this wallet anymore. There is just too much risk at this point, please keep your funds stored offline for optimal safety.
omone1
Member
**
Offline Offline

Activity: 843
Merit: 52


View Profile
March 01, 2019, 04:45:51 PM
 #72

Coinomi reply to this disheartening loss is worrisome and it calls for grave concern for professionalism in financial management, trying to bully one in order not to cry out is circumventing. Sorry for the enormous loss, I hope you seek a refund through a calculated litigation, and hope you get justice quick. Just a word "It is good not to leave huge fund in a single wallet".
warith (OP)
Newbie
*
Offline Offline

Activity: 10
Merit: 51


View Profile
March 03, 2019, 02:47:23 PM
Last edit: March 04, 2019, 06:13:06 AM by warith
Merited by LoyceV (1), Theb (1)
 #73

I have published my second official statement regarding Coinomi "Spell Check" scandal

You can read the new statement from the following link (video included):
https://twitter.com/warith2020/status/1102445902353043456
SiDtHeBeSt
Full Member
***
Offline Offline

Activity: 420
Merit: 106


View Profile
March 03, 2019, 06:49:16 PM
 #74

Damn all your life savings gone very sad thing to happen. But as you said you were used to software wallets since 2013 which cost you this seriously you could've used a better alternative such as an offline wallet by ledger or some other then you wouldn't have had to face this. Hope you get a satisfactory answer from coinomi.
Theb
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 655


View Profile
March 03, 2019, 07:22:22 PM
 #75

I have published my second official statement regarding Coinomi "Spell Check" scandal

You can read the new statement from the following link (video included):
https://twitter.com/warith2020/status/1102208448236847107
Nice way to get back and reply at Coinomi's Medium post, I wasn't convinced on how they answered the vulnerability issues especially when they have evaded a lot of your points in your blog post, they haven't even mentioned anything about the "legal implications" they are threatening you if you disclose the vulnerability issue to the web. So far you have 114 views in your video maybe if this goes viral Coinomi will be pressured to reimburse your loss fund and the rest of the users who are affected.

Pon13
Full Member
***
Offline Offline

Activity: 670
Merit: 130



View Profile WWW
March 05, 2019, 09:00:26 AM
 #76

I have published my second official statement regarding Coinomi "Spell Check" scandal

You can read the new statement from the following link (video included):
https://twitter.com/warith2020/status/1102445902353043456

Your video response is decent and fully explanatory. Even kids can understand this.
Maybe coinomi should hire you to handle not only their incompetence but learn a few things as well.
I hope this will go to the authorities.

Bill Hicks was right about....everything
allwelder
Legendary
*
Offline Offline

Activity: 1512
Merit: 1004



View Profile
March 12, 2019, 01:31:04 AM
 #77

Security first in Crypto world.

 
Brenny431
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
May 25, 2019, 10:35:46 AM
 #78

We would like to update anyone reading this post, with the Blockchain analysis report. Please take a moment to find the details of the report at this link: https://twitter.com/kimionis/status/1131945228506738688

gentlemand
Legendary
*
Offline Offline

Activity: 2590
Merit: 3013


Welt Am Draht


View Profile
May 25, 2019, 10:53:08 AM
 #79

We would like to update anyone reading this post, with the Blockchain analysis report. Please take a moment to find the details of the report at this link: https://twitter.com/kimionis/status/1131945228506738688



Not surprised. It read like a load of shit to me. As if there's someone in the bowels of google rubbing their hands as they wait for the seeds to roll in. Gimme a bleedin' break.

All the same it's pisspoor practice and I wouldn't keep anything other than shitcoins on there. You don't know what'll pop up next.
nutildah
Legendary
*
Offline Offline

Activity: 2982
Merit: 7976



View Profile WWW
May 25, 2019, 10:53:13 AM
 #80

We would like to update anyone reading this post, with the Blockchain analysis report. Please take a moment to find the details of the report at this link: https://twitter.com/kimionis/status/1131945228506738688

You can save readers a few steps by just posting the Medium article:

https://medium.com/@cipherblade/how-not-to-react-when-your-cryptocurrency-is-stolen-92f7c72616af

It spends too much time talking about the behavior of the victim, which isn't necessarily relevant, though the article does provide some blockchain forensics to show that the coins may have been taken through malware. How do we know the malware doesn't exploit the bug identified by Al Maawali and patched immediately after by Coinomi? Were there apparent hackings conducted after the bug was fixed? The article doesn't mention this.

While it sounds like malware was likely involved, there could still have been an oversight error on the part of Coinomi.

We would like to update anyone reading this post, with the Blockchain analysis report. Please take a moment to find the details of the report at this link: https://twitter.com/kimionis/status/1131945228506738688

Not surprised. It read like a load of shit to me. As if there's someone in the bowels of google rubbing their hands as they wait for the seeds to roll in. Gimme a bleedin' break.

I agree that the chances of Google being in on it are slim to nonexistent.
