Major-Security-Vulnerability-Found-In-Coinomi-Wallet

Major security issue regarding the Coinomi Wallet has been found by security experts Jonathan Sterling and Luke Childs.

Founded back in 2014, Coinomi is the oldest multi-asset wallet available, with millions of active users. Coinomi is a security-first, multi-asset wallet for both mobile & desktop that provides native support and true ownership for as many as 125 blockchains & 382 tokens — a total of 507 assets.

According to the Reddit post that broke the news, the security professionals say:

“When you enter your seed phrase to recover a new wallet, the Coinomi app makes a request to Google's spellcheck API to spellcheck the seed phrase. Yup, I know. The plain text seed phrase is accessible to Google (although transport uses SSL so it's encrypted over the wire). However, this does mean that if you're using Coinomi your seed phrase is likely sitting in plain text logfiles at Google, accessible to a large number of employees.”

This is why Google has all your keys. Everyone needs a hardware wallet and should never input their private key or mnemonic onto any isolated device.

The credit for this breaking news goes to Warith Al Maawali who found the vulnerability. He's also claimed he's lost about $70k of funds from his wallet and Coinomi is avoiding the question of whether they'll reimburse him. This is why he's now decided to go public.

On his blog post, he writes:

“To understand how catastrophic the security issue is, they simply take your crypto-currency wallet’s passphrases/seeds and spell check it by sending it remotely to Google servers in clear plain text! They did not take the responsibility of my loss, I gave them more than 24 hours before full disclosure, they fixed the issue without notifying their users and they kept procrastinating like scumbags to buy more time.”

He summed it all up on his website, https://www.avoid-coinomi.com/.

Most users who noticed this vulnerability are shocked by this with many saying that they are going to not use the wallet anymore.

Get Free Email Updates!

*Action Required* Enter Your Email for Trending Crypto News & Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

[Author Alert] The author’s opinions above are solely based on their own self-conducted research. Assume any and all authors are using, holding, trading and/or buying cryptoassets mentioned as a portion of his or her financial portfolio. Use information at your own risk, do you own research, never invest more than you are willing to lose.

[Domain Disclosure] The crypto-community content sourced, created and published on BitcoinExchangeGuide should never be used or taken as financial investment advice. Under no circumstances does any article represent our recommendation or reflect our direct outlook. We b-e-g of you to do more independent due diligence, take full responsibility for your own decisions and understand trading cryptocurrencies is a very high-risk activity with extremely volatile market changes which can result in significant losses. Editorial Policy \\ Investment Disclaimer


Coin Market Cap Price Change 24 Hour Volume
BTC $155.4B $8,767.3447 9.29% $8.71B
ETH $28.56B $268.8340 7.57% $3.05B
XRP $17.32B $0.4113 7.25% $762.1M
BCH $7.73B $433.8829 8.79% $659.74M
LTC $7.07B $114.1894 12.02% $1.45B
EOS $6.36B $6.9673 9.55% $991.5M
BNB $4.83B $34.2418 0.69% $345.86M
USDT $3.09B $1.0079 0.40% $7.68B
XLM $2.57B $0.1334 7.36% $63.55M
ADA $2.23B $0.0861 6.71% $87.94M

Get 3 Free Bitcoin eBooks for Limited Time Only

Receive three exclusive user guides detailing a) What is Bitcoin b) How Cryptocurrency Works and c) Top Crypto Exchanges today plus a bonus report on Blockchain distributed ledger technology plus top news insights.

LEAVE A REPLY

Please enter your comment!
Please enter your name here