Coinomi wallet hacked, all funds stolen

[Bud1951]

The wallet was drained on Feb 14th.  The password was in my head not on paper.  The seed phrase was on paper in a safe which only I have access to.  Coinomi denies all responsibility and basically says too bad so sad.  My wife and I are retired, the wallet held our "safe" retirement cash savings.  Stay away from this wallet. 

[hosseinimr93]

Coinomi is a close-source wallet and we don't know how the keys are generated and whether they have access to users keys or not.
Take note that this doesn't mean they have definitely stolen you fund. There can be many other reasons.

1. It's possible that you used a weak password and someone was able to brute-force it.
2. It's possible that someone had access to your seed phrase.
3. It's possible that your device was compromised.

Even if they have stolen your fund, it's still your own fault. Because you used a close-source wallet.

[Macadonian]

Coinomi either has a weak process or poor security or when you were accessing your wallet your computer might be compromised and they used a keylogger or malware to get the password of your wallet and logged into it. Are you sure that your computer is secure?

[mk4]

The thing with software wallets is that there's always a chance of a private key leak simply due to the fact that your wallet's private keys were generated through your computer/mobile device. And add the fact that it's closed source? We have no idea how secure the wallet app is.

Next time, grab a hardware wallet.

[Macadonian]

The thing with software wallets is that there's always a chance of a private key leak simply due to the fact that your wallet's private keys were generated through your computer/mobile device. And add the fact that it's closed source? We have no idea how secure the wallet app is.

Next time, grab a hardware wallet.

Hardware wallet or offline wallet are the only options but people still use these closed source wallets which have no way of verifying their security or the way they generate private keys. They could have the copy of the private key or they could be storing the private key in plain text for what we know.

[Justtoons]

d

Coinomi either has a weak process or poor security or when you were accessing your wallet your computer might be compromised and they used a keylogger or malware to get the password of your wallet and logged into it. Are you sure that your computer is secure?

I'm so sorry for your loss.maybe the wallet was hacked using malwares. But did you keep your seed phrase in a safe location, how sure are you that only you have access to it. What about your house how many of you are living there. My advice is that you should create a new wallet and this time use a much stronger password.

[hosseinimr93]

My advice is that you should create a new wallet and this time use a much stronger password.

No. OP shouldn't use Coinomi anymore and should go for an open-source wallet.
As I already said, coinomi is close-source and even if you use a strong password, there is no guarantee that your wallet is safe.

It may worth mentioning that even if you use a trustworthy open-source wallet an an online device, your fund isn't still completely secure. Any online device is prone to hacking.

[Plaguedeath]

It's a very very low chance if Coinomi's developer is steal your coins, I believe the fault was from your side for clicking random link, downloading unknown apps, using crack or mod apps etc. You need to know when you're installing any apps on your device, those apps often ask for permissions to access your device, like your album. If you've screenshot your seed phrase, they're already know your seed phrase since they can spy your album.

[m2017]

The wallet was drained on Feb 14th.  The password was in my head not on paper.  The seed phrase was on paper in a safe which only I have access to.  Coinomi denies all responsibility and basically says too bad so sad.  My wife and I are retired, the wallet held our "safe" retirement cash savings.  Stay away from this wallet. 

Any such loss is an occasion to grieve. But there is nothing to fix and not return. Try to use other, safer crypto storage methods next time. You have already been advised to use a hardware wallet, so I will not repeat myself. Can you tell me how much money was in your wallet? If this is a significant number, then why didn't you think about buying HW devices? Also, I agree with the rest of the comments above that the cause of the loss is not necessarily the Coinomi. Too little information to draw such a conclusion and be sure. Perhaps you yourself made a mistake somewhere or the attackers who hacked turned out to be very lucky. In general, more evidence is needed to identify the culprit.

[Cantsay]

The wallet was drained on Feb 14th.  The password was in my head not on paper.  The seed phrase was on paper in a safe which only I have access to.  Coinomi denies all responsibility and basically says too bad so sad.  My wife and I are retired, the wallet held our "safe" retirement cash savings.  Stay away from this wallet. 

Op sorry for your loss. It's never a good thing to use a closed sourced wallet because you never know if there's a backdoor for devs to look into your account and steal your funds. And I know alot of people have suggested that you go get a hardware wallet but if can't afford a hardware wallet you should look for a reputable open source wallet and we have Electrum as an example.

Another thing you should consider aside from the type of wallet is how you keep your secret phrase. How sure are you that your private key or secret phrase never got exposed? Did you at anytime input your key into any online service? And since you said you didn't write it down so they'll be no way for someone outside you and your wife to know it except your system was infected with malware that steal information.

[S A KHAIR]

The wallet was drained on Feb 14th.  The password was in my head not on paper.  The seed phrase was on paper in a safe which only I have access to.  Coinomi denies all responsibility and basically says too bad so sad.  My wife and I are retired, the wallet held our "safe" retirement cash savings.  Stay away from this wallet. 

It's hard to tell if it's their fault or yours, sometimes, you keep your password and seed phrase safe, but the chance of your device getting a virus is also possible. But you were careless in the beginning, you should get yourself a hardware wallet instead of using online software wallet frequently.

[hosseinimr93]

And I know alot of people have suggested that you go get a hardware wallet but if can't afford a hardware wallet you should look for a reputable open source wallet and we have Electrum as an example.

It should be noted that electrum can provides the same security as a hardware wallet only if it's used on an air-gapped device. Otherwise, it would be still a hot wallet and prone to hacking.

It's hard to tell if it's their fault or yours,

It's OP's fault.
Even if there was a vulnerability or a backdoor caused OP to lose the fund, it's still OP's fault that he/she used a close-source wallet while there are many good open-source wallets.

[laurenB7742]

The wallet was drained on Feb 14th.  The password was in my head not on paper.  The seed phrase was on paper in a safe which only I have access to.  Coinomi denies all responsibility and basically says too bad so sad.  My wife and I are retired, the wallet held our "safe" retirement cash savings.  Stay away from this wallet. 

My condolences for your loss, I hope you didn't invest all your savings in bitcoin and store them with Coinomi. Although Coinomi is a closed source wallet, you shouldn't immediately blame them as it is possible that your computer was hacked or you accidentally leaked the seed phrase.
If you don't have any proof, then you can't do anything and they won't have any liability to you. Not only stay away from Coinomi wallet, but you should stay away from all closed source wallets, better buy a hardware wallet.

[taufik123]

The thing with software wallets is that there's always a chance of a private key leak simply due to the fact that your wallet's private keys were generated through your computer/mobile device. And add the fact that it's closed source? We have no idea how secure the wallet app is.

Private key leak due to user negligence and the device used is infected with malware or trapped on a phishing website which requires entering the private key. Quite often such hacks happen, even I also get a lot of spam emails that redirect to phishing websites.

and what becomes even more dangerous is when the address or wallet that we have is exposed to a dusting attack and has been marked and sent with several foreign coins that cannot be traded.
https://en.wikipedia.org/wiki/Dusting_attack

Apart from that, other methods such as phishing dApps pages are usually found in several airdrops which require connecting using dApps and finally the hacker has control over the wallet. To be able to overcome these hacking attempts, you can Revoke several suspected dApps.
https://study.bitkeep.com/en/?ht_kb=dapp-authorization-scam

Next time, grab a hardware wallet.

Highly recommended, but choose a hardware wallet that is really suitable because there are currently various types of hardware wallets available.

No. OP shouldn't use Coinomi anymore and should go for an open-source wallet.
As I already said, coinomi is close-source and even if you use a strong password, there is no guarantee that your wallet is safe.

and Electrum is the answer, more secure and free and Open Source.
If really want to use a Multi-Wallet, then the last, safest choice is a Hardware wallet

It may worth mentioning that even if you use a trustworthy open-source wallet an an online device, your fund isn't still completely secure. Any online device is prone to hacking.

Every online device will still have the risk of hacking.
Besides that, the user's vigilance and how he keeps his wallet safe also matter.
No matter how secure the user is, the loss of assets may occur.

[Lucius]

The wallet was drained on Feb 14th.

Then you didn't really have a happy Valentine's Day - but someone else obviously had a smile on their face...

The password was in my head not on paper.  The seed phrase was on paper in a safe which only I have access to.

Has the password ever been written down on paper or anywhere online? In any case, keeping such information in your head is a bad option, not only because you can forget it naturally, but also because of a possible head injury. Are you sure only you had access to the safe?

Coinomi denies all responsibility and basically says too bad so sad.  My wife and I are retired, the wallet held our "safe" retirement cash savings.  Stay away from this wallet. 

What else do you expect them to say? No matter how much you think it's the wallet's fault, it's hardly an inside job - because if there was any vulnerability, hundreds or even thousands of wallets would be emptied. No matter how you look at it, you and your wife should have been much smarter and informed yourself first, and if you had done that, maybe this wouldn't have happened.

[DaveF]

It's hard to tell if it's their fault or yours,

It's OP's fault.
Even if there was a vulnerability or a backdoor caused OP to lose the fund, it's still OP's fault that he/she used a close-source wallet while there are many good open-source wallets.

Closed / open does not matter when you get to the fact that crypto was stored in an online hot wallet.
As I have said dozens of times. I use Coinomi on my phone, I know it's unsafe. But, on that note so is electrum on my phone, and desktop because wait for it.....it's a hot wallet on an internet connected device.

Any real funds are stored offline and secured with hardware.

-Dave

[Rigon]

Op are you sure that your seed phrase was very safe? I don't think so. Maybe someone stole from you. Which you don't think at all. I have never used the wallet you used. But why did you set such a weak wallet for your hard earned money. You should better choose a secure wallet and keep your funds there. This case of yours seems really sad to me.

[dkbit98]

The wallet was drained on Feb 14th.  The password was in my head not on paper.  The seed phrase was on paper in a safe which only I have access to.  Coinomi denies all responsibility and basically says too bad so sad.  My wife and I are retired, the wallet held our "safe" retirement cash savings.  Stay away from this wallet. 

Sorry, but this is ultimately your own fault, this is a hot wallet and there is always a risk that something gets leaked if you are not careful.
I bet if I scanned your device used for installing Coinomi (probably with wInD0ws OS) that I would find several malware, or software that records what you type.
That is why people invented hardware wallets and that is why they are using airgapped devices.
On top of everything, Copinomi is closed source software, it's mistake using closed source Bitcoin wallets.

[NotATether]

Apart from that, other methods such as phishing dApps pages are usually found in several airdrops which require connecting using dApps and finally the hacker has control over the wallet. To be able to overcome these hacking attempts, you can Revoke several suspected dApps.
https://study.bitkeep.com/en/?ht_kb=dapp-authorization-scam

Why are people with thousands of dollars in cryptocurrency still chasing airdrops that will only give you $5 dollars. Is it really worth the risk (let alone the gigantic waste of time it is)?

PS.

Don't store any cryptocurrency on Windows. Not even Linux if it is running inside a Windows host.

[rat03gopoh]

The password was in my head not on paper.

Is that a series of words that are easy to guess? Then it's useless. Btw, the seed phrase can also be seen on the settings page right? simply use a password to access it (or biometrics if you enable it). As I recall, Android devices can add multiple biometric IDs. If in fact there is other IDs on your device, I don't think you need to suspect it's a malware attack, wallet vulnerability, or other online attacks.