Bitcoin Forum
February 21, 2020, 04:10:05 PM *
News: Latest Bitcoin Core release: 0.19.0.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4] 5 »  All
  Print  
Author Topic: WARNING - Coinomi Wallet CRITICAL Vulnerability Made Me Lose My Life Savings  (Read 1337 times)
ribowo76
Full Member
***
Offline Offline

Activity: 784
Merit: 101

The World's 1st Waste to Green Energy DLT Project


View Profile WWW
February 28, 2019, 04:49:29 PM
 #61

Basically, I have long felt unsure about coinomi security. After reading this, my distrust became stronger. Hopefully this can be a warning for anyone to be more careful in storing crypto assets
1582301405
Hero Member
*
Offline Offline

Posts: 1582301405

View Profile Personal Message (Offline)

Ignore
1582301405
Reply with quote  #2

1582301405
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1582301405
Hero Member
*
Offline Offline

Posts: 1582301405

View Profile Personal Message (Offline)

Ignore
1582301405
Reply with quote  #2

1582301405
Report to moderator
1582301405
Hero Member
*
Offline Offline

Posts: 1582301405

View Profile Personal Message (Offline)

Ignore
1582301405
Reply with quote  #2

1582301405
Report to moderator
mocacinno
Legendary
*
Offline Offline

Activity: 1862
Merit: 2079


https://unblur.ninja =>lightning network testsite


View Profile WWW
February 28, 2019, 04:54:35 PM
 #62

I think the fault is from your end ,spyware is already on your pc and the moment you type in your passphrase the spyware hijacked your keys ,I'm using coinomi wallet presently with huge funds inside,but the actual real safest way is storing coins offline

So don't be supprised and say you weren't warned when your wallet gets drained some day...

bitbunnny
Legendary
*
Offline Offline

Activity: 1974
Merit: 1048


WOLF.BET - Provably Fair Dice Game


View Profile
February 28, 2019, 06:21:33 PM
 #63

This example is just showing that security is on the key issues you should be aware of. Unfortunately many users ignore safety issues and don't pay enough attention what kind of wallets and exchanges they use and how can they protect themselves. Learn from such mistakes and take care of your coins, don't think such things happen to someone else.

.WOLF.BET.▄███████████▄
███████    ████████████▄
███████    ███████   ▀██
██████████████████    ██
██    ██████████████████
██    ███████    ███████
█████████████    ███████
███████    █████████████
███████    ███████    ██
██████████████████   ▄██
██        ▀███████████▀
██
██

█████
  ███
  ███
  ███
  ███
  ███
  ███
  ███
  ███
  ███
  ███
█████


[/center
wwzsocki
Legendary
*
Offline Offline

Activity: 1204
Merit: 1160



View Profile WWW
February 28, 2019, 06:32:36 PM
Last edit: February 28, 2019, 09:43:56 PM by wwzsocki
 #64

I am really sorry for your loss OP and hope you will be able to get your funds back.

Still, don't understand why OP used this same password/seed words for two different wallets?

From what I know rule number one is to use different passwords/seed words always.

If Coinomi wallet seed words would be different then OP exodus wallet would never be hacked. Am I right?

How they managed to find that these seed words are from Exodus wallet? Do they check all wallets out there? Strange.



Re-read the OP's post... He had some tokens (probably ERC20 tokens) that were sent to him but were not supported by his exodus wallet. Since he wanted to manipulate these tokens, he had to enter his seed phrase in a compatible wallet that did support these tokens. If he would have created a new seed phrase in coinomi he wouldn't have been able to manipulate the tokens that were sent to an address generated by his exodus wallet.

As for the second part of your question: there are 2048 words in the dictionary... A simple parser looking for a 12 or 24 words phrase consisting of solely words from this dictionary would suffice.

I used coinomi to keep some spending money, but i have moved everything but tBTC and tLTC from coinomi and i'll never use the application again, ever... It's not just the fact that they had a vulnerability, it's the way they behaved afterwards.

Thank you very much for this explanation. Of course, a little merit for you.

This is something new for me despite I am using tokens from start and have multiple holdings. Maybe because I have never used wallets like Coinomi so far.
Never trusted them and from what I see I am totally right.

Even the best online wallet today can be vulnerable tomorrow because of a service update he depends on. Even such one as spelling check. This is something to think about if anybody will try to use these wallets. I haven't even mention dangers like malicious insiders or hackers.


gentlemand
Legendary
*
Online Online

Activity: 2282
Merit: 2330


Welt Am Draht


View Profile
February 28, 2019, 10:03:26 PM
 #65

Unquestionably slack on Coinomi's part, but I don't believe anyone at Google helped themselves to the seed and I don't think this thread would exist if this vulnerability hadn't been sprayed all over the news.

Either this thread is fantasy or the seed was picked up by someone else by other means.

warith
Newbie
*
Offline Offline

Activity: 10
Merit: 47


View Profile
March 01, 2019, 02:02:34 AM
Last edit: March 01, 2019, 02:52:11 AM by warith
Merited by LoyceV (2)
 #66

As you know Coinomi has announced their official sloppy response and it was very clear how they diverted they whole situation into "blackmailing" thing.

They focused on my personal image and hired some of their trolls to trash-talk me on social media (especially Twitter because it's less moderated).

They tried to run away from responsibility and portray that the vulnerability is "harmless" (based on their hired trolls). Moreover, they kept deleting some of their tweets when got striked by facts.

Here are some examples of how childish, unprofessional and misleading their tweets are:
https://twitter.com/warith2020/status/1101054666232745984
https://twitter.com/warith2020/status/1101055824368148480
https://twitter.com/warith2020/status/1101057557010006016
https://twitter.com/warith2020/status/1100898781598531591
https://twitter.com/warith2020/status/1101135909481861120

They even literally blackmailed a know community member by legal actions to limit his freedom of speech because he expressed his "technical" thoughts:
https://twitter.com/warith2020/status/1101048089626984449

I have never ever seen a company with that kind of attitude and to me they lost all credibility. If you still trust them with your crypto-assets then I wish you all the best luck.

Finally, I will be posting my official response to their official announcement very soon. It will answer all the questions raised by the community and will contain some exciting evidences on my claims.

To stay calm and have some LOLs check out this Coinomi's Meme (classic & original):
https://twitter.com/dukeleto/status/1100696093673824256
joniboini
Legendary
*
Offline Offline

Activity: 840
Merit: 1283


Exchange Bitcoin quickly-https://blockchain.com.do


View Profile WWW
March 01, 2019, 03:07:47 AM
 #67

I don't know who controls that Twitter account, but their response is really unprofessional imo. Starting from threatening to framing people just because they take part in how their vulnerability spread out to the public. I think any sane person won't use their wallet anymore, not only it's a closed source, but also because they have a terrible PR.

warith
Newbie
*
Offline Offline

Activity: 10
Merit: 47


View Profile
March 01, 2019, 03:29:01 AM
 #68

I don't know who controls that Twitter account, but their response is really unprofessional imo. Starting from threatening to framing people just because they take part in how their vulnerability spread out to the public. I think any sane person won't use their wallet anymore, not only it's a closed source, but also because they have a terrible PR.


Probably their management (founders). As I said in my original post:
Quote
It seems the founders are the developers of the application and they don’t like anyone who criticizes their ugly baby creation “Coinomi” wallet. They think that they are the code gurus fallen from the heavens who write perfect code.

They took everything at personal level and that's very clear in their tweets!
pushups44
Sr. Member
****
Offline Offline

Activity: 784
Merit: 263


View Profile
March 01, 2019, 03:46:31 AM
 #69

I read about this vulnerability online, and one article was skeptical about your claims, but I take no side in this dispute as I am not involved. I hope, if your story is true, that you will be able to get your funds back through litigation. I think one lesson we all can learn from this is not to trust the Google cloud for storing highly sensitive financial or personal information.
Pon13
Full Member
***
Offline Offline

Activity: 647
Merit: 126



View Profile WWW
March 01, 2019, 02:14:16 PM
 #70

Ivan on Tech - ALL HODLERS BEWARE! INSIDER JOB?
Programmer explains
Quote
A person lost their life savings from the COINOMI crypto currency wallet. Today we talk about how that hack happened exactly, how COINOMI let this happen and what the likely chain of events was. Another important aspect is how COINOMI responded to this issue and communicated this to the public. We will also discuss the fact that many miners mine empty blocks and why they do it.

https://www.youtube.com/watch?v=5WgD8YOqfLM

Bill Hicks was right about....everything
angel55
Full Member
***
Offline Offline

Activity: 630
Merit: 170



View Profile
March 01, 2019, 04:31:46 PM
 #71

The replies from coinomi are very conercning and I would recommend that no one use this wallet anymore.  There is just too much risk at this point, please keep your funds stored offline for optimal safety.
omone1
Member
**
Online Online

Activity: 448
Merit: 17

www.thegeomadao.com


View Profile
March 01, 2019, 04:45:51 PM
 #72

Coinomi reply to this disheartening loss is worrisome and it calls for grave concern for professionalism in financial management, trying to bully one in other not to cry out is circumventing. Sorry for the enormous loss, I hope you seek a refund through a calculated litigation, and hope you get justice quick. Just a word "It is good not to leave huge fund in a single wallet".

warith
Newbie
*
Offline Offline

Activity: 10
Merit: 47


View Profile
March 03, 2019, 02:47:23 PM
Last edit: March 04, 2019, 06:13:06 AM by warith
Merited by LoyceV (1), Theb (1)
 #73

I have published my second official statement regarding Coinomi "Spell Check" scandal

You can read the new statement from the following link (video included):
https://twitter.com/warith2020/status/1102445902353043456
SiDtHeBeSt
Full Member
***
Offline Offline

Activity: 406
Merit: 106



View Profile
March 03, 2019, 06:49:16 PM
 #74

Damm all your life savings gone very sad thing to happen. But as you said you were used to software wallets since 2013 which costed you this seriously you could've used a better alternative such as an offline wallet by ledger of some other then you wouldn't have had to face this. Hope you get a satisfactory answer from coinomi.

Theb
Hero Member
*****
Offline Offline

Activity: 1204
Merit: 512



View Profile
March 03, 2019, 07:22:22 PM
 #75

I have published my second official statement regarding Coinomi "Spell Check" scandal

You can read the new statement from the following link (video included):
https://twitter.com/warith2020/status/1102208448236847107
Nice way to get back and reply at Coinomi's Medium post, I wasn't convinced on how they answered the vulnerability issues especially when they have evaded a lot of your points in your blog post, they haven't even mentioned anything about the "legal implications" they are threatening you if you disclose the vulnerability issue to the web. So far you have 114 views in your video maybe if this goes viral Coinomi will be pressured to reimburse your loss fund and the rest of the users who are affected.

      ▄ ▄█▄ ▄█ ▄
     ▄▐██▀▀▀▀▀▀
      ▀▄▄████▄ █▄
   ▄ ██▄█▀▀   ▀▀ ▀
  ▄██▄██▄ ▀██▄▀ ▀█▄
 ▀███████▄▄▄▄▄█▄▄▄██
▐███████████▀▀  ▀█▀ █
█▀███████████  ▄▄█▄ ██
 ▐█████████████▀   ███
  ████▀██████████▄███
  ▐█▀  ████████████ ▀
   ▀  ▐███████████
     ▄██████▀▀ █▀
.
JACKMATE'S
MAJESTIC

  ███████████████████
 ███████████████████
███████████████████
         █████████
        █████████
       █████████
      █████████
     █████████
    █████████
   █████████
  █████████
 █████████
████████
██
██
██
██
██
██
██
██
██
██
██
████████
██████████████████████████████████████████████████████████████████████████████████████████████     ███
.
WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY
.
███     ██████████████████████████████████████████████████████████████████████████████████████████████
████████
██
██
██
██
██
██
██
██
██
██
██
████████
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
██████
██
██
██
██
██
██
██
██
██
██
██
██████
.
JOIN US - IT'S FREE!
██████
██
██
██
██
██
██
██
██
██
██
██
██████
Pon13
Full Member
***
Offline Offline

Activity: 647
Merit: 126



View Profile WWW
March 05, 2019, 09:00:26 AM
 #76

I have published my second official statement regarding Coinomi "Spell Check" scandal

You can read the new statement from the following link (video included):
https://twitter.com/warith2020/status/1102445902353043456

Your video response is decent and fully explanatory. Even kids can understand this.
Maybe coinomi should hire you to handle not only their incompetence but learn a few things as well.
I hope this will go to the authorities.

Bill Hicks was right about....everything
allwelder
Legendary
*
Offline Offline

Activity: 1526
Merit: 1004



View Profile
March 12, 2019, 01:31:04 AM
 #77

Security first in Crypto world.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
Brenny431
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
May 25, 2019, 10:35:46 AM
 #78

We would like to update anyone reading this post, with the Blockchain analysis report. Please take a moment to find the details of the report at this link: https://twitter.com/kimionis/status/1131945228506738688

gentlemand
Legendary
*
Online Online

Activity: 2282
Merit: 2330


Welt Am Draht


View Profile
May 25, 2019, 10:53:08 AM
 #79

We would like to update anyone reading this post, with the Blockchain analysis report. Please take a moment to find the details of the report at this link: https://twitter.com/kimionis/status/1131945228506738688



Not surprised. It read like a load of shit to me. As if there's someone in the bowels of google rubbing their hands as they wait for the seeds to roll in. Gimme a bleedin' break.

All the same it's pisspoor practice and I wouldn't keep anything other than shitcoins on there. You don't know what'll pop up next.

nutildah
Legendary
*
Offline Offline

Activity: 1666
Merit: 2765


https://bitcoin.watfordfc.com


View Profile
May 25, 2019, 10:53:13 AM
 #80

We would like to update anyone reading this post, with the Blockchain analysis report. Please take a moment to find the details of the report at this link: https://twitter.com/kimionis/status/1131945228506738688

You can save readers a few steps by just posting the Medium article:

https://medium.com/@cipherblade/how-not-to-react-when-your-cryptocurrency-is-stolen-92f7c72616af

It spends too much time talking about the behavior of the victim, which isn't necessarily relevant, though the article does provide some blockchain forensics to show that the coins may have been taken through malware. How do we know the malware doesn't exploit the bug identified by Al Maawali and patched immediately after by Coinomi? Were there apparent hackings conducted after the bug was fixed? The article doesn't mention this.

While it sounds like malware was likely involved, there could still have been an oversight error on the part of Coinomi.

We would like to update anyone reading this post, with the Blockchain analysis report. Please take a moment to find the details of the report at this link: https://twitter.com/kimionis/status/1131945228506738688

Not surprised. It read like a load of shit to me. As if there's someone in the bowels of google rubbing their hands as they wait for the seeds to roll in. Gimme a bleedin' break.

I agree that the chances of Google being in on it are slim to nonexistent.

  ▄▄█████▄▄███████▄▄
 ███████████
     ▀▀███▄
█████████████        ▀██▄
█████████████          ██▄
███████████            ██▄
██▀▀█████▀▀              ██
██                       ██
██                       ██
▀██                     ██▀
 ▀██                   ██▀
  ▀██▄               ▄██▀
    ▀███▄▄       ▄▄███▀
       ▀▀█████████▀▀
███████   INDUSTRY LEADING CRYPTO SPORTSBOOK   ███████
MULTI
CURRENCY
ONLINE
   CASINO   
DAILY PRICE
BOOSTS
FAST & SECURE
PAYMENTS
█████████████████████████
███████▀▀       ▀▀███████
████▀   ▄ ▀███▀ ▄   ▀████
███  ▄████▄ ▀ ▄████▄  ███
██  ▄ ▀███▀ ▄ ▀███▀ ▄  ██
█  ▄██ ▀▀ ▄███▄ ▀▀ ██▄  █
█  █▀ ▄█ ███████ █▄ ▀█  █
█   ▄███▄ █████ ▄███▄   █
██  ████▀ ▄▄▄▄▄ ▀████  ██
███  ▀ ▄ ▀█████▀ ▄ ▀  ███
████▄  ▀▀▄ ███ ▄▀▀  ▄████
███████▄▄       ▄▄███████
█████████████████████████
█████████████████████████
███████▀▀ █████ ▀▀███████
████▀    ▄█████▄    ▀████
█████▄▄█▀▀ ▄▄▄ ▀▀█▄▄█████
██▀███▀ ▄███▀███▄ ▀███▀██
█   █ ▄██▀     ▀██▄ █   █
█   █ ██         ██ █   █
█   █ ▀██▄▄█ █▄▄██▀ █   █
██▄███▄ ▀██▄▄▄██▀ ▄███▄██
█████▀▀█▄▄ ▀▀▀ ▄▄█▀▀█████
████▄    ▀█████▀    ▄████
███████▄▄ █████ ▄▄███████
█████████████████████████
.
.REGISTER NOW!.
Pages: « 1 2 3 [4] 5 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!