0.04%
1.19%
1.46%
BTC
$64,174.69
0.02%
2.69%
7.14%
ETH
$1,873.10
0.02%
0.83%
0.94%
BNB
$575.46
0.57%
1.36%
0.10%
XRP
$1.10
0.36%
2.00%
3.06%
SOL
$75.80
0.02%
0.52%
2.66%
TRX
$0.32285981
0.03%
0.97%
0.02%
DOGE
$0.07328743
0.24%
1.41%
2.66%
ADA
$0.16236366
0.00%
1.60%
7.78%
LINK
$8.38
0.04%
0.24%
2.65%
LTC
$45.18
0.04%
1.19%
1.46%
BTC
$64,174.69
0.02%
2.69%
7.14%
ETH
$1,873.10
0.02%
0.83%
0.94%
BNB
$575.46
0.57%
1.36%
0.10%
XRP
$1.10
0.36%
2.00%
3.06%
SOL
$75.80
0.02%
0.52%
2.66%
TRX
$0.32285981
0.03%
0.97%
0.02%
DOGE
$0.07328743
0.24%
1.41%
2.66%
ADA
$0.16236366
0.00%
1.60%
7.78%
LINK
$8.38
0.04%
0.24%
2.65%
LTC
$45.18
   /       /    A Vulnerability Discovered in the Coinomi Crypto Wallet

A Vulnerability Discovered in the Coinomi Crypto Wallet

A Vulnerability Discovered in the Coinomi Crypto Wallet


Programmer Warith Al Maawali has discovered a security breach in the Coinomi cryptocurrency wallet, as a result of which the Coinomi crypto wallet sends users' passphrases to the Google spell-check service in unencrypted form, thereby opening up access for scammers to private information and giving them the opportunity to take over users' funds. This breach in the wallet's security was discovered during the investigation of the mysterious theft of 90% of the programmer's funds. Al Maawali discovered that during the setup of the Coinomi wallet, when users enter the mnemonic phrase (seed), the Coinomi application captures the text data entered by the user and automatically sends it to the Google Spellcheck API service for spelling verification in plain form. "To understand what is happening, I will explain it technically," says Al Maawali. "the wallet interface is written in HTML and Java Script and is rendered using a built-in Chromium-based browser."

Like any other Chromium-based application, the wallet application is integrated with various Google-oriented features, such as the automatic spell-check function for all of the user's text input fields. It appears that the problem is that the Coinomi team did not bother to disable this function in the user interface code of their wallet, which led to a situation in which the backup phrases of all their users' wallets were leaking over HTTP during the wallet installation and setup process. Anyone able to intercept web traffic from the wallet application would be able to see the seed phrase of the Coinomi wallet application in unencrypted form. This phrase allows attackers to gain access, using the recovery function, to all funds stored in the user's wallet.

And although Al Maawali has no conclusive proof that this is exactly how the hackers gained access to his data, he claims that only those funds that were stored in the Coinomi wallet were stolen, and therefore he sees no other way to steal the cryptocurrency except through access to the Coinomi mnemonic phrase. "Anyone involved in technology and cryptocurrency knows that (…) 12 random English words separated by spaces are likely to be a passphrase for a cryptocurrency wallet," said Al Maawali.

The researcher created a dedicated website where he described the problem and the experiment he conducted in trying to get Coinomi to acknowledge the vulnerability. He also published a proof-of-concept video, which was later independently verified and reproduced by Luke Childs, a security researcher.

Coinomi, which offers a multi-cryptocurrency wallet application for Android, iOS, Linux, Mac and Windows, did not respond to the affected user's request with an offer to compensate for the stolen funds. However, an updated version of the application appeared the very next day after the user's appeal. Al Maawali claims that he lost between 60,000 and 70,000 US dollars in various cryptocurrencies. His version of the theft of funds is confirmed by other messages in the Coinomi thread on the Reddit forum, where users complain that one day they woke up and discovered that all their Coinomi wallets had been emptied overnight.
01-03-2019
Online Security / Cryptocurrency Wallets

Online Security / Cryptocurrency Wallets

A New Trojan Disguises Itself as a Browser ExtensionA New Trojan Disguises Itself as a Browser ExtensionCryptopia Cryptocurrency Exchange HackedCryptopia Cryptocurrency Exchange HackedCritical vulnerability in the Beam Wallet crypto walletCritical vulnerability in the Beam Wallet crypto walletDisabling of a number of security features in Samourai WalletDisabling of a number of security features in Samourai Wallet

Random quote about money

"Единственное, что можно делать без денег, — это долги."

Хайнц Шенк

Interesting posts in other sections of the blog

Information

Users of Guests are not allowed to comment this publication.

Latest articles

all articles →
Polygon Layoffs and 1inch Founder Exit Expose Crypto’s Costly Pivot to RevenueCryptocurrency NewsPolygon Layoffs and 1inch Founder Exit Expose Crypto’s Costly Pivot to RevenuePolygon Labs cuts staff and 1inch's co-founder says he was fired, as crypto firms restructure around revenue.16-07-2026CRO Surges as Crypto.com Secures $400M in Citadel Securities-Led FundingCryptocurrency NewsCRO Surges as Crypto.com Secures $400M in Citadel Securities-Led FundingThis was the exchange's first-ever institutional funding round. As a result, CRO skyrocketed by 25% in minutes.16-07-2026Fed Chair Warsh: No Bailout for Crypto Industry in CrisisCryptocurrency NewsFed Chair Warsh: No Bailout for Crypto Industry in CrisisBitcoin Magazine Fed Chair Warsh: No Bailout for Crypto Industry in Crisis Federal Reserve Chair Kevin Warsh said the Fed will not bail out failing crypto16-07-2026Forget Bitcoin Bottom: Analyst Says These Altcoins Could Move FirstCryptocurrency NewsForget Bitcoin Bottom: Analyst Says These Altcoins Could Move FirstAccording to the analyst, waiting for universal confirmation of a market bottom could mean missing the strongest early opportunities.16-07-2026Grayscale Highlights a 22% Bitcoin Yield Opportunity as Early Bottom Signals EmergeCryptocurrency NewsGrayscale Highlights a 22% Bitcoin Yield Opportunity as Early Bottom Signals EmergeGrayscale is pitching covered calls as a way for Bitcoin holders to earn yield during a range-bound market, even as Glassnode detects early signals of a bear16-07-2026Ethereum Price Analysis: Is $2K Next for ETH After Reclaiming Key Support?Cryptocurrency NewsEthereum Price Analysis: Is $2K Next for ETH After Reclaiming Key Support?Ethereum has had a notable recovery from its June lows, reclaiming an important resistance zone while testing a major descending trendline on the higher16-07-2026Bitcoin VC Veterans Launch $40 Million Holding Company Targeting Small Business AcquisitionsCryptocurrency NewsBitcoin VC Veterans Launch $40 Million Holding Company Targeting Small Business AcquisitionsBitcoin Magazine Bitcoin VC Veterans Launch $40 Million Holding Company Targeting Small Business Acquisitions Lyn Alden is helping debut a permanent capital16-07-2026Gold and Silver Lost $700B as Iran Threatens Bab el-Mandeb. Will Bitcoin Follow?Cryptocurrency NewsGold and Silver Lost $700B as Iran Threatens Bab el-Mandeb. Will Bitcoin Follow?Bitcoin's safe-haven edge grows as gold and silver shed $700 billion. Dollar strength and Fed bets crush metals.16-07-2026Breez Partners With Turnkey to Bring Non-Custodial Bitcoin to Backend-Run AppsCryptocurrency NewsBreez Partners With Turnkey to Bring Non-Custodial Bitcoin to Backend-Run AppsBitcoin Magazine Breez Partners With Turnkey to Bring Non-Custodial Bitcoin to Backend-Run Apps Breez has partnered with Turnkey to let backend-run apps16-07-2026
Sign inMasterInvest
RUENUK