BitBustah
|
|
May 25, 2019, 04:23:54 PM |
|
Makes me sick how very few people are even held responsible for their actions. They just forget about it and show no sympathy for the losses they caused. I've gotten to a point where it is hard to trust anyone after seeing all these hacks, scams, and phishers.
|
|
|
|
Anonylz
|
|
May 25, 2019, 06:36:56 PM |
|
Such a horrible experience you must have had, this is bad if we can't be safe with our funds on exchange and now in wallets too? Till now, never thought something like this could happen with a personal wallet of which you hold the recovery phrase or key, but with this unfortunate situation of yours makes have a second thought about the wallet i keep my funds, i don't want to imagine this happening I hope to you can recover your money sooner than later.
|
| . SECONDLIVE | | | │ | | | | | | │ | | | | ▄▄███████▄▄▄ ▄▄████████████████▄▄ ██████████████████████▄ ████████▀▀▀██████████████ ███████▌ ▀█████████████ ████████▀ ▀▀▄▄██▀▀▀██████████ ███████ ▀████████ ███████▄ ████████ ████████▄▄ ▄████████ ███████████▄▄▄▄██████████ ▀█████████████████████▀ ▀████████████████▀▀ ██████████████████████ |
|
|
|
Spider A4
|
|
May 25, 2019, 08:07:49 PM |
|
Very sad for your life saving whole asset stolen. 60k$-70k$ is really massive amount i think it's your bad decision to hold in Coinomi wallet. Because a lot of safe wallet if you can use like one of them hardware wallet is huge safe from coinomi wallet.
|
|
|
|
Coinomi
Newbie
Offline
Activity: 52
Merit: 0
|
|
May 26, 2019, 01:19:29 AM |
|
You can save readers a few steps by just posting the Medium article: https://medium.com/@cipherblade/how-not-to-react-when-your-cryptocurrency-is-stolen-92f7c72616afIt spends too much time talking about the behavior of the victim, which isn't necessarily relevant, though the article does provide some blockchain forensics to show that the coins may have been taken through malware. How do we know the malware doesn't exploit the bug identified by Al Maawali and patched immediately after by Coinomi? Were there apparent hackings conducted after the bug was fixed? The article doesn't mention this. While it sounds like malware was likely involved, there could still have been an oversight error on the part of Coinomi. Not surprised. It read like a load of shit to me. As if there's someone in the bowels of google rubbing their hands as they wait for the seeds to roll in. Gimme a bleedin' break. I agree that the chances of Google being in on it are slim to nonexistent. Actually it does: "Most crucially, however, the first two incoming transactions into the Consolidation Wallet happened in October 2018, well before the Coinomi desktop app was even released (which was December 31 2018).". In plain English, the hackers group that stole the OP's coins and the very wallet that they have used to consolidate funds has been active months before the 1st version of Coinomi Desktop was ever released. This alone is a proof that the OP has been lying all along about the circumstances under which his wallet was emptied.
|
|
|
|
ryap12
Member
Offline
Activity: 700
Merit: 14
|
|
May 26, 2019, 01:32:04 AM |
|
From what I see, I think Coinomi will not pay the stolen funds as they are only a wallet provider and it's up to the user how he uses it. Not sure who the hell it got hacked since I can't spend all my time watching the vid. I just went on reading their conversation with Coinomi. For the bounty reward, OP deserves that since it's major.
I never use these mobile wallets, like Coinomi, because I have a strong feeling from the very beginning that they are prone to attacks since everyone just gives permission whenever they install an application. Virus spreads easily too so I never store such amounts. I prefer using a brand new hardware wallet for full encryption and away from viruses and malwares.
|
|
|
|
Novatech8
Member
Offline
Activity: 700
Merit: 27
Sovryn - Brings DeFi to Bitcoin
|
|
May 26, 2019, 09:12:08 AM |
|
I wonder how that happens because I've been using mine since 2016 and no issue at all but not the windows version though ,I'm using the mobile wallet only
|
|
|
|
Pon13
|
Just noticed there is a third statement of warith Long story short, Coinomi hired a "cyber-security firm" named CipherBlade (that means Coinomi paid that firm money to make a report) and they concluded what Coinomi supports is right ( ) haha how fuckin convenient is that. If you actually read the objective report and have basic security knowledge you will....laugh hard or cry. Its more like a paid article that shils a shitcoin than a technical paper explaining what happened or might happened while most of the arguments have already answered on the 1st and 2nd statements. Its tragic that Coinomi still trying to spread lies and false reports while spending money on the latter instead of just saying sorry and pay back the man. If CipherBlade is a cyber-security firm, i am manbearpig. Anyway you can read the third statement of warith here and judge for yourselves --> https://www.avoid-coinomi.com/#overview-3rd-statementits a free for all world afterall.
|
Bill Hicks was right about....everything
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3014
Welt Am Draht
|
|
January 09, 2020, 01:45:33 PM |
|
Just noticed there is a third statement of warith
I thought it was a load of bollocks at the time and I still do. OP's story, that is. The simplest option is that using any wallet on any Windows PC is a licence to get boned. And it happened to OP just like thousands of others.
|
|
|
|
Pon13
|
|
January 09, 2020, 02:04:10 PM |
|
Just noticed there is a third statement of warith
I thought it was a load of bollocks at the time and I still do. OP's story, that is. The simplest option is that using any wallet on any Windows PC is a licence to get boned. And it happened to OP just like thousands of others. Sure, you look like you've read the story If you want a real good bollocks story except from scientology or any other religion you can take Coinomi's replies and paid reports. Anyway, i hope this ends to court cause the guy will surely win. Facts are facts no matter how many lies and false reports you spread. Coinomi was unlucky cause the guy is not a simple crypto user that would take the loss and didnt know what to do, say or support. The guy is a security analyst and if you compare what both sides state and the way they do it, its clear who is wrong and who is right. If you have the tech knowledge to understand what either side claims then i would say its crystal clear. love and hugs
|
Bill Hicks was right about....everything
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3014
Welt Am Draht
|
|
January 09, 2020, 02:10:18 PM |
|
Sure, you look like you've read the story It's not Coinomi's technical flaw I doubt. It's the idea of a little caretaker in the Google server centre idly browsing the trillions of words per minute pouring in during his tea break, spotting the seed and thinking 'I'll fuckin' have some of that'. If you have a wallet on a PC, any wallet, if someone's already on there then whatever is typed and displayed is already in plain text waiting to be taken away.
|
|
|
|
Pon13
|
|
January 09, 2020, 02:24:59 PM Last edit: January 09, 2020, 02:40:08 PM by Pon13 Merited by gentlemand (1) |
|
Sure, you look like you've read the story It's not Coinomi's technical flaw I doubt. It's the idea of a little caretaker in the Google server centre idly browsing the trillions of words per minute pouring in during his tea break, spotting the seed and thinking 'I'll fuckin' have some of that'. If you have a wallet on a PC, any wallet, if someone's already on there then whatever is typed and displayed is already in plain text waiting to be taken away. Well if you work at google and have access (physical or not) to where these data are being kept i believe you are capable of creating a script extracting the data you want. The whole point was that their Desktop Wallet was sending clear text seed phrases, instead of saying sorry and fix this they responded like the older incident with their mobile wallet not using SSL.....blaming the guy who found the vulnerability and informed them.... Whether was a man in the middle attack (stealing the plain text info that was transmitted) or someone at google i dunno but sending such critical info as passwords or seed words plaint text, no matter how you dont want to see it, its a critical security flaw and the fault is on the developer not the user, just like with the non activated SSL connection on their android wallet (if i recall right).
|
Bill Hicks was right about....everything
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3014
Welt Am Draht
|
|
January 09, 2020, 02:30:46 PM |
|
Whether was a man in the middle attack (stealing the plain text info that was transmitted) or someone at google i dunno but sending such critical info as passwords or seed words plaint text, no matter how you dont want to see it, its a critical security flaw and the fault is on the developer not the user, just like with the non activated SSL connection on ther android wallet (if i recall right).
Agreed. But in this case the likelihood of this particular loss being a common or garden PC hijack is infinitely higher than what is OP claiming. It's important their shitty practices get highlighted and addressed. It's everything that's come after I don't buy.
|
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3500
Merit: 6984
Top Crypto Casino
|
|
January 09, 2020, 04:15:05 PM Merited by JayJuanGee (1) |
|
But in this case the likelihood of this particular loss being a common or garden PC hijack is infinitely higher than what is OP claiming.
I've been reading this thread in horror, and my understanding is that it's not clear exactly how OP lost his coins. You seem to be saying it was an attack on his PC rather than some insider at Google, right? And here I have to profess severe ignorance as to technical matters, but are you saying that even software wallets like Electrum aren't secure on PCs? And yeah, I agree with the other folks who are recommending hardware wallets, which would have been an infinitely better choice for storing altcoins than Coinomi--but bringing that up doesn't help OP in any way and I'm sure he knows it now. This really sucks for him, and even though the hack happened a while back it's got to still sting.
|
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3014
Welt Am Draht
|
|
January 09, 2020, 04:23:28 PM Merited by JayJuanGee (1) |
|
I've been reading this thread in horror, and my understanding is that it's not clear exactly how OP lost his coins. You seem to be saying it was an attack on his PC rather than some insider at Google, right? And here I have to profess severe ignorance as to technical matters, but are you saying that even software wallets like Electrum aren't secure on PCs?
Why would any desktop wallet be secure? They're on a machine that attracts keyloggers, screen capture stuff, remote takeovers and clipboard malware. If you can type it or see it that means someone else can too. The sending address could be changed, someone might be watching you when it gives you the seed or when you reenter it, they might capture your passwords and empty the wallet. Electrum with a hardware wallet is fine. Electrum on a wiped and air gapped machine that never sees the internet is fine. I've never understood why anyone recommends any Windows PC based wallet for a connected machine. You never know what'll be hiding.
|
|
|
|
HardFacts
Member
Offline
Activity: 434
Merit: 29
|
|
January 09, 2020, 06:41:22 PM |
|
Electrum with a hardware wallet is fine. Electrum on a wiped and air gapped machine that never sees the internet is fine. I've never understood why anyone recommends any Windows PC based wallet for a connected machine. You never know what'll be hiding.
I Totally AGREE !!! Finally someone that understands this concept. With a non connected memory device to store my Bitcoins, I do not have worry about them ever being removed. This allows me to back up my Seed Words here in the forum, and will never risk losing or forgetting my Seed Words as some people have.
|
|
|
|
mocacinno
Legendary
Offline
Activity: 3556
Merit: 5187
https://merel.mobi => buy facemasks with BTC/LTC
|
|
January 09, 2020, 07:02:15 PM |
|
Electrum with a hardware wallet is fine. Electrum on a wiped and air gapped machine that never sees the internet is fine. I've never understood why anyone recommends any Windows PC based wallet for a connected machine. You never know what'll be hiding.
I Totally AGREE !!! Finally someone that understands this concept. With a non connected memory device to store my Bitcoins, I do not have worry about them ever being removed. This allows me to back up my Seed Words here in the forum, and will never risk losing or forgetting my Seed Words as some people have. In case you were serious and this really is your seed: your wallet is now compromised because you posted a picture of your seed on a public forum.. empty this wallet and never use it again. Anybody can restore your wallet using electrum and sign transactions funding the addresses in this wallet from this point forward. After you emptied this wallet, make sure you also move the funds you might have on the forks (like bch or bsv), the same seed can be used to steal those ones to.
|
|
|
|
Pon13
|
|
January 10, 2020, 08:03:45 AM |
|
what the heeeeellll..... HardFacts i hope you're trolling else check and read the bold WARNING message on the image you posted and do what mocacinno suggests immediately.
|
Bill Hicks was right about....everything
|
|
|
Baofeng
Legendary
Offline
Activity: 2772
Merit: 1678
|
|
January 10, 2020, 09:15:31 AM |
|
what the heeeeellll..... HardFacts i hope you're trolling else check and read the bold WARNING message on the image you posted and do what mocacinno suggests immediately. Obviously, he has been trolling you guys and you fall from it, That images is here: https://anonymous-proxy-servers.net/en/help/jondo-live-cd14.html
|
RAZED | │ | ███████▄▄▄████▄▄▄▄ ████▄███████████████▄ ██▄██████▀▀████▀▀█████▄ ░▄███████████▄█▌████████▄ ▄█████████▄████▌█████████▄ ██████████▀███████▄███████▄ ██████████████▐█▄█▀████████ ▀████████████▌▐█▀██████████ ░▀███████████▌▀████████████ ██▀███████▄▄▄█████▄▄██████ █████████████████████████ █████▀█████████████████▀ ███████████████████████ | ▄▄███████▄▄ ▄███████████████▄ ▄███████████████████▄ ▄█████████████████████▄ ▄███████████████████████▄ █████████████████████████ █████████████████████████ █████████████████████████ ▀███████████████████████▀ ▀█████████████████████▀ ▀███████████████████▀ ▀███████████████▀ ███████████████████ | RAZED ORIGINALS SLOTS & LIVE CASINO SPORTSBOOK | | | NO KYC | | │ | RAZE THE LIMITS ►PLAY NOW |
|
|
|
broadhurst
Jr. Member
Offline
Activity: 160
Merit: 4
|
|
July 10, 2020, 04:59:31 AM Last edit: July 10, 2020, 05:24:20 AM by broadhurst |
|
1) Why has anybody got their 'life savings' on a fucking desktop wallet.. Use a goddam Trezor with a passphrase and a compatible desktop wallet like electrum 2) What were you doing using Exodus wallet if you were concerned about security, As soon as i tested that wallet it was clear that it is a 'style over substance' wallet 3) Use a passphrase. Coinomi offers you the option of using a bip39 passphrase which would have protected your 'life savings' 4) With all your analasis of Coinomis behaviour try analysing your own shortcomings when it comes down to protecting your crypto assets.. Personel responsibility is about accepting that all software has potential flaws and not blaming a free wallet that you were not forced to use.. i have used a coinomi mobile wallet since 2015 with zero issues and commonsense dictates that you would not have more than a few hundred dollars on a mobile or desktop wallet.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 10993
Crypto Swap Exchange
|
|
July 10, 2020, 07:57:12 AM |
|
1) Why has anybody got their 'life savings' on a fucking desktop wallet.. Use a goddam Trezor with a passphrase and a compatible desktop wallet like electrum 2) What were you doing using Exodus wallet if you were concerned about security, As soon as i tested that wallet it was clear that it is a 'style over substance' wallet
3) Use a passphrase. Coinomi offers you the option of using a bip39 passphrase which would have protected your 'life savings'
4) With all your analasis of Coinomis behaviour try analysing your own shortcomings when it comes down to protecting your crypto assets.. Personel responsibility is about accepting that all software has potential flaws and not blaming a free wallet that you were not forced to use.. i have used a coinomi mobile wallet since 2015 with zero issues and commonsense dictates that you would not have more than a few hundred dollars on a mobile or desktop wallet.
so you just bumped a 7 month old topic with mostly bad advice huh! 1) hardware wallets don't magically give you security. there are still lots of ways that you could lose money using them and lots of exploits that keep being found that lead to fund loss. 2) Exodus is closed source and that means it has 0 security because nobody knows what really happens under the hood. 3) that is not meant for security and it doesn't give you meaningful security either. in fact the term "passphrase" should not have been used in first place. the more appropriate term is "mnemonic extension". not to mention similar to Exodus, Coinoni is also closed source which means this wallet also has 0 security. 4) that is only true when the wallet's source code can be reviewed by experts and its transparency becomes apparent. but when it is closed source then it should not even be used let alone waste time thinking about what you did wrong that led to losses.
|
|
|
|
|