Earlier this week, Coinomi, cryptocurrency wallet that enables users to trade, secure and manage their Bitcoin [BTC] and other cryptocurrencies, was recently under the scrutiny of the cryptocurrency space as an alleged vulnerability in the wallet was bought to light on Reddit by Warith Al Maawali. However, Coinomi has now addressed this issue on its official web page.
The user of the platform has claimed to have lost about $60,000 – $70,000 worth of cryptocurrency because of this vulnerability. According to the post, the wallet’s “poor implementation” has, in turn, resulted in users plain-text passphrase being shared to a third-party server. Here, the third-party under the limelight is Google servers. The user said on Reddit:
“Please note that this security issue cannot be exploited by anyone except by the people who created it or have control over the backend. To everyone who is using or used Coinomi wallet, make sure to remove your funds from the wallet and change your passphrase by creating a new wallet using another application otherwise your funds might get stolen sooner or later.”
This was followed by the user stating that the wallet’s seeds, otherwise known as a passphrase, are spell checked by Google servers in “clear plain text”, thereby enabling remote access to Google. He went on to say:
“So essentially the textbox which you enter your passphrase in, is basically an HTML file ran by Chromium browser component and once you type or paste anything in that textbox it will immediately and discreetly send it remotely to googleapis.com for spelling check (how awesome is that!)”
When this news broke-out in the cryptocurrency space, several other users of the wallet-provider also came forth stating that they had also lost their funds on the platform recently. Nonetheless, the platform also spoke about this issue. In a blog post, the platform said:
“The report said that seed phrases were being sent over to Google in plain text due to a built-in spell-check functionality in Desktop wallets and that there was a wallet hacked due to this vulnerability. Our engineers confirmed that spell-check functionality was indeed enabled for the Desktop wallets only — the mobile apps were not affected by this.”
This was followed by the platform stating that the problem was not in its source code, but was, in fact, a “bad configuration option in a plug-in used in Desktop wallets only”, allowing the spell-check functionality to be a default. Nonetheless, this problem has now been fixed by the developer team and desktop users are required upgrade to the version and create a new wallet.
The post also read:
“Given the facts above, it’s extremely unlikely that this issue would ever result in loss of funds, however under no circumstances a seed phrase should go online even if this is in encrypted mode and for this we sincerely apologize. “
Luhe, another Redditor said:
“Which is more than likely true. I’ve never used this wallet, but their reasoning makes sense from a computer science perspective of view. Nobody else should have had even the theoretical possibility to see the content (I can see some possible attack scenarios, but they most likely wouldn’t be possible unless Coinomi really f***** up).”
Localether, a Reddit user said:
“Your coins are safu… as long as you trust that google employees are not grepping for pass phrases and then testing them against blockchain addresses.”
Subscribe to AMBCrypto’s Newsletter
Tether’s [USDT] market capitalization hits all-time high, Facebook in talks with Winklevoss twins, trading firms over new cryptocurrency and more
Crypto News – 25 May – Tether’s [USDT] market capitalization hits all-time high, Facebook in talks with Winklevoss twins, trading firms over new cryptocurrency and more
— AMBCrypto (@CryptoAmb) 25 May 2019
Daily Crypto News – May 25
1) Bitcoin Wallet receives part of 5,000 BTC: A recent Whale Alert highlighted a transaction on May 24, where a large sum of Bitcoin [BTC] exchanged hands between two anonymous wallets. According to the alert the transaction took place at 22:13:23 + 1 minutes and 5,000.00001092 BTC was transferred from an unknown wallet, with address 19SiCYaYKZh9A8HUjuh14eg5wtYzKxiFbB, to another unknown wallet with address 14GcjGjxwadzcpmq9EG3KUgTKATjurbnWt.
Read more at https://bit.ly/2VRQwb0
2) Bitwise Report 2.0: Bitcoin [BTC] futures continues growth: On a month-on-month basis, Bitcoin Futures saw a massive bump in April trading at an average of 10,000 contracts daily, peaking on April 4, with over 22,000 contracts traded. To put that number in perspective, in March 2019, the average contracts traded was less than 4,000. Despite the high standards set in April, the average daily contracts traded in May, with 25 days gone has exceeded 14,000 and still looks to grow, given the price performance of Bitcoin.
Read more at https://bit.ly/2W40sTR
3) Craig Wright on private keys: Craig S Wright has, for years, claimed he is the true creator of Bitcoin [BTC] without providing a shred of evidence to support the same. With the crypto-community levelling, Wright could prove his worth by sending BTC from Satoshi Nakamoto’s touted wallet containing around 980,000 BTCs, the BSV man in a twisted cause and effect situation, stated he will “sign” into his wallet only when he proves he is the creator.
Read more at https://bit.ly/2X6fdlw
4) Tether’s [USDT] market cap hits ATH: Tether and Bitfinex are being closely scrutinized now more than ever due to the NYAG’s lawsuit; however, the scrutiny doesn’t seem to have affected Tether as the market cap of USDT has increased by over $100 million in approximately 70 days.
Read more at https://bit.ly/2McaTjE
5) Tether volume shift: Another controversial topic in the cryptocurrency industry was the issue of fake transaction volumes on many of the popular cryptocurrency exchanges. The magnitude of the topic was so large that even Changpeng Zhao, the Chief Executive Officer [CEO] of Binance had raised red flags. This topic and Tether as a whole received another twist when Larry Cermack, the Director of Research at The Block, pointed out a few parameters when it came to the said volume.
Read more at https://bit.ly/2wmk4mJ
6) Bitfinex’s LEO tokens listed on Delta Exchange: Bitfinex’s Leo tokens faced quite a lot of criticism when they were announced, due to the missing $850 million funds from Bitfinex. The private investment round by Bitfinex also faced a lot of heat from the media. However, in a recent development, Leo tokens are being listed on various exchanges for trading.
Read more at https://bit.ly/2HUEnNB
7) Robinhood en-route a projected valuation of $7 billion: Robinhood, the California-based cryptocurrency exchange made headlines recently when a source close to the organization revealed that it was on the verge of closing their latest round of funding at a valuation of a whopping $7 billion – $8 billion. Sources even claimed that the current round of funding could act as a precursor to an even bigger round of funding, which would pit Robinhood with the bigwigs like Coinbase and Binance.
Read more at https://bit.ly/2W64KKj
Subscribe to AMBCrypto’s Newsletter
Bitcoin [BTC]: General manager of BIS says Bitcoin and blockchain technology should be explored to its limits
Bitcoin [BTC]: Mati Greenspan claims ‘$200 move can easily lead to a $2,000 move’
Bitcoin [BTC] and Litecoin [LTC] Price Analysis: BTC and LTC bulls defend position
Dubai-based exchange BitOasis allegedly delists Monero [XMR], ZCash [ZEC] without informing users
Kraken’s Austin Alexander says cryptocurrency space is ‘moving fast’, making it difficult for staffing
Tron [TRX] announces future trading on OKEx platform from May 20
Bitcoin’s [BTC] Lightning Network is awesome, says Blockstream’s Samson Mow
Crypto is replacing the US Dollar and no one seems to be noticing, claims prominent investor Robert Kiyosaki
Bitcoin Cash’s [BCH] Roger Ver adds Coinbase and Binance to his ‘safe list’
Bittrex transfers 6,999,999 XRP to Upbit amid Ripple’s alleged report discrepancies
XRP: Massive amounts of cryptocurrency moved as Ripple, Nexo come into the picture
Bitcoin [BTC] is still going to $100,000, claims Heisenberg Capital’s Max Keiser
Satoshi Nakamoto is easy to get through; can be found by fools, claims John McAfee
XRP: Google Chrome extension to detect trustworthiness of select XRP addresses goes live