Close Menu
    Facebook X (Twitter) Instagram
    ESP Blockchain Journal
    • Noticias
      • Noticias Blockchain
      • Noticias Bitcoin
      • Noticias Ethereum
      • Noticias Ripple
      • NFT
      • Metaverso
      • DeFi
      • Noticias Tron
      • Noticias Litecoin
      • Noticias Monero
      • Noticias Cardano
      • Noticias Stellar
      • Noticias Algorand
      • Noticias Dogecoin
      • Noticias Polkadot
      • Noticias Kusama
      • Noticias Solana
      • Opinión
    • Análisis de Precios
    • Academia Cripto
    • Contacto
    • bandera
    ESP Blockchain Journal
    Home»Noticias»Coinomi Desktop Wallet checks spelling of seed phrases. The function allowed to steal $ 70,000 in cryptocurrency

    Coinomi Desktop Wallet checks spelling of seed phrases. The function allowed to steal $ 70,000 in cryptocurrency

    0
    By BlockchainJournal on febrero 27, 2019 Noticias
    Share
    Facebook Twitter LinkedIn Pinterest Email

    The user under the warith nickname reported the loss of $ 60,000 – $ 70,000 after installing the Coinomi cryptocurrency wallet from the official site.

    Check ur the crypto Spell Spell-currency wallet's Remotely with the passphrase #Coinomi ? https://t.co/xuQnLf0vOy https://t.co/nasw8FfmpQ #btc $ btc $ ltc $ xmr $ trx $ XRP $ zcoin $ dash $ zcash $ gno $ eth $ ark $ bch

    – Warith Al Maawali (@ warith2020) February 26, 2019

    “My main Exodus wallet did not support some assets and I decided to move them to Coinomi using the same seed phrase,” he writes.

    A few days later, warith noticed that 90% of the assets — Bitcoins, ETH, ERC20, LTC and BCH tokens with a total value of up to $ 70,000 — were withdrawn from his Exodus wallet to various addresses. Only assets that were not supported by Coinomi remained in the wallet.

    To understand the situation, warith tracked the traffic of the Coinomi application and found out that at the time of launch it downloaded a list of words from the dictionary.

    “I entered a random seed phrase in the wallet recovery box and found that in the form of unencrypted text it was sent to googleapis.com for spell checking.

    Everyone who is connected with technology and cryptocurrency knows that 12 random English words can be a seed phrase from a crypto wallet. Thus, someone from the Google team, or someone who has access to HTTP requests sent to googleapis.com, found a passphrase and used it to steal $ 60,000 – $ 70,000 in cryptocurrency, ”writes warith.

    The user wrote a post about the incident on Twitter, but Coinomi only achieved evasive answers in personal correspondence. In this regard, warith is ready to file a claim with the company, “if it continues to avoid responsibility.”

    After some time, a representative of Coinomi, in an interview with Trustnodes, reported that the detected vulnerability was eliminated and concerned only the desktop version of the wallet.

    “Requests to Google were encrypted and incorrect, because of which they were not processed by Google. Spell check was carried out locally, ” he said, promising that the company would soon prepare an official comment on the incident.

    Recall that earlier in February, a vulnerability was discovered in software for Antminer S15 devices , which in theory allows attackers to fully control ASIC.

    Follow BlockchainJournal on Twitter !

    << aside id = "unisender_subscribe_form-10" class = "widget unisender_form">

    BlockchainJournal.news

    BlockchainJournal.news

    asic BCH BTC Dash ETH Featured Google LTC TRX Twitter xrp Zcash
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    BlockchainJournal

    Related Posts

    Hyperliquid pide propuestas para lanzar USDH en medio de objeciones por equidad en la gobernanza

    septiembre 5, 2025

    SharpLink explorará el staking de parte de su tesorería en Ethereum en la red Linea

    septiembre 5, 2025

    XRP cae 4% a $2,84 tras rechazo en $2,88 en medio de expectativas por ETFs y mayor volumen

    septiembre 5, 2025

    Strategy Inc. enfrenta obstáculos para entrar al S&P 500 por su volatilidad y dependencia de Bitcoin

    septiembre 5, 2025

    World Liberty Financial bloquea la wallet de Justin Sun en medio de la polémica por WLFI

    septiembre 4, 2025

    SEC apuesta por una agenda pro-cripto con una serie de rulemakings sobre activos digitales

    septiembre 4, 2025
    Buscar
    Facebook X (Twitter) Instagram Pinterest
    © 2025 Blockchainjournal

    Type above and press Enter to search. Press Esc to cancel.

    Utilizamos cookies para asegurar que damos la mejor experiencia al usuario en nuestra web. Si sigues utilizando este sitio asumiremos que estás de acuerdo.