Noticias
Coinomi Desktop Wallet checks spelling of seed phrases. The function allowed to steal $ 70,000 in cryptocurrency
The user under the warith nickname reported the loss of $ 60,000 – $ 70,000 after installing the Coinomi cryptocurrency wallet from the official site. Spell check ur crypto-currency wallet passphrase remotely with #Coinomi ?https: //t.co/xuQnLf0vOyhttps: //t.co/nasw8FfmpQ#btc $ btc $ ltc $ xmr $ trx $ xrp $ zcoin $ ztin $ zt $ eth $ ark $ bch – Warith Al Maawali (@ warith2020) February 26, 2019 “My main Exodus wallet […]
The user under the warith nickname reported the loss of $ 60,000 – $ 70,000 after installing the Coinomi cryptocurrency wallet from the official site.
Check ur the crypto Spell Spell-currency wallet's Remotely with the passphrase #Coinomi ? https://t.co/xuQnLf0vOy https://t.co/nasw8FfmpQ #btc $ btc $ ltc $ xmr $ trx $ XRP $ zcoin $ dash $ zcash $ gno $ eth $ ark $ bch
– Warith Al Maawali (@ warith2020) February 26, 2019
“My main Exodus wallet did not support some assets and I decided to move them to Coinomi using the same seed phrase,” he writes.
A few days later, warith noticed that 90% of the assets — Bitcoins, ETH, ERC20, LTC and BCH tokens with a total value of up to $ 70,000 — were withdrawn from his Exodus wallet to various addresses. Only assets that were not supported by Coinomi remained in the wallet.
To understand the situation, warith tracked the traffic of the Coinomi application and found out that at the time of launch it downloaded a list of words from the dictionary.
“I entered a random seed phrase in the wallet recovery box and found that in the form of unencrypted text it was sent to googleapis.com for spell checking.
Everyone who is connected with technology and cryptocurrency knows that 12 random English words can be a seed phrase from a crypto wallet. Thus, someone from the Google team, or someone who has access to HTTP requests sent to googleapis.com, found a passphrase and used it to steal $ 60,000 – $ 70,000 in cryptocurrency, ”writes warith.
The user wrote a post about the incident on Twitter, but Coinomi only achieved evasive answers in personal correspondence. In this regard, warith is ready to file a claim with the company, “if it continues to avoid responsibility.”
After some time, a representative of Coinomi, in an interview with Trustnodes, reported that the detected vulnerability was eliminated and concerned only the desktop version of the wallet.
“Requests to Google were encrypted and incorrect, because of which they were not processed by Google. Spell check was carried out locally, ” he said, promising that the company would soon prepare an official comment on the incident.
Recall that earlier in February, a vulnerability was discovered in software for Antminer S15 devices , which in theory allows attackers to fully control ASIC.
Follow BlockchainJournal on Twitter !
BlockchainJournal.news
BlockchainJournal.news
ARK Invest, liderada por Cathie Wood, continúa navegando sus movimientos estratégicos de acciones en el mercado, realizando ventas destacadas de acciones de Coinbase y Grayscale Bitcoin Trust (GBTC) en medio del continuo aumento de los precios del mercado.
Grayscale Bitcoin Trust (GBTC), uno de los vehículos de inversión en criptomonedas más grandes y populares, ha visto su descuento reducirse significativamente en los últimos días a medida que los alcistas continúan elevando su precio. Según datos de Kaiko, una plataforma de inteligencia blockchain, el descuento del GBTC, que mide la diferencia entre el precio de mercado y el valor liquidativo (NAV) del fideicomiso, está en su nivel más estrecho en años, con solo el 8% hasta ayer. (más…)
IBM presentó una nueva tecnología denominada «IBM Hyper Protect Offline Signing Orchestrator» (OSO), diseñada para gestionar activos digitales en almacenamiento en frío. Esta innovación surge como respuesta a los riesgos asociados con los procedimientos manuales y tiene como objetivo mantener los activos a una distancia segura de las conexiones a Internet. (más…)
-
Noticias7 años agoLos principales eventos de la semana en la industria de bitcoin y blockboy (17 de septiembre de 2013 – 23 de septiembre de 2018)
-
Noticias6 años ago24 países junto con el FMI discutieron futuras reglas y regulaciones para la regulación de la criptomoneda
-
Noticias7 años agoMedios de comunicación: en Francia permitirá la compra de criptomoneda en tiendas de tabaco
-
Noticias7 años agoMedios de comunicación: en vísperas de la OPI, los posibles inversores de la compañía minera Bitmain estaban mal informados
-
Noticias7 años agoDescripción general del nuevo ASIC de Bitmain: ANTMINER S15 y T15: características y rentabilidad
-
Noticias6 años ago¿Cómo almacenar una frase semilla mnemónica de una billetera de criptomonedas?
-
Noticias7 años agoEl índice de "índice de miedo y codicia" de Bitcoin alcanzó los valores mínimos
-
Noticias7 años agoAumento de la demanda de Ripple (XRP)