Connect with us

Technology

Bitcoin [BTC], Ethereum [ETH] & altcoin wallet, Coinomi addresses seed phrase vulnerability; says highly unlikely to result in loss of funds

Priya

Published

on

Bitcoin [BTC], Ethereum [ETH] & altcoin wallet, Coinomi addresses seed phrase vulnerability; says highly unlikely to result in loss of funds
Source: Unsplash

Earlier this week, Coinomi, cryptocurrency wallet that enables users to trade, secure and manage their Bitcoin [BTC] and other cryptocurrencies, was recently under the scrutiny of the cryptocurrency space as an alleged vulnerability in the wallet was bought to light on Reddit by Warith Al Maawali. However, Coinomi has now addressed this issue on its official web page.

The user of the platform has claimed to have lost about $60,000 – $70,000 worth of cryptocurrency because of this vulnerability. According to the post, the wallet’s “poor implementation” has, in turn, resulted in users plain-text passphrase being shared to a third-party server. Here, the third-party under the limelight is Google servers. The user said on Reddit:

“Please note that this security issue cannot be exploited by anyone except by the people who created it or have control over the backend. To everyone who is using or used Coinomi wallet, make sure to remove your funds from the wallet and change your passphrase by creating a new wallet using another application otherwise your funds might get stolen sooner or later.”

This was followed by the user stating that the wallet’s seeds, otherwise known as a passphrase, are spell checked by Google servers in “clear plain text”, thereby enabling remote access to Google. He went on to say:

“So essentially the textbox which you enter your passphrase in, is basically an HTML file ran by Chromium browser component and once you type or paste anything in that textbox it will immediately and discreetly send it remotely to googleapis.com for spelling check (how awesome is that!)”

When this news broke-out in the cryptocurrency space, several other users of the wallet-provider also came forth stating that they had also lost their funds on the platform recently. Nonetheless, the platform also spoke about this issue. In a blog post, the platform said:

“The report said that seed phrases were being sent over to Google in plain text due to a built-in spell-check functionality in Desktop wallets and that there was a wallet hacked due to this vulnerability. Our engineers confirmed that spell-check functionality was indeed enabled for the Desktop wallets only — the mobile apps were not affected by this.”

Coinomi official statement | Source: Coinomi Medium Blog

Coinomi official statement | Source: Coinomi Medium Blog

This was followed by the platform stating that the problem was not in its source code, but was, in fact, a “bad configuration option in a plug-in used in Desktop wallets only”, allowing the spell-check functionality to be a default. Nonetheless, this problem has now been fixed by the developer team and desktop users are required upgrade to the version and create a new wallet.

The post also read:



“Given the facts above, it’s extremely unlikely that this issue would ever result in loss of funds, however under no circumstances a seed phrase should go online even if this is in encrypted mode and for this we sincerely apologize. “

Luhe, another Redditor said:

“Which is more than likely true. I’ve never used this wallet, but their reasoning makes sense from a computer science perspective of view. Nobody else should have had even the theoretical possibility to see the content (I can see some possible attack scenarios, but they most likely wouldn’t be possible unless Coinomi really f***** up).”

Localether, a Reddit user said:

“Your coins are safu… as long as you trust that google employees are not grepping for pass phrases and then testing them against blockchain addresses.”





Subscribe to AMBCrypto’s Newsletter




Follow us on Telegram | Twitter | Facebook



Priya is a full-time member of the reporting team at AMBCrypto. She is a finance major with one year of writing experience. She has not held any value in Bitcoin or other currencies.

News

Tether’s [USDT] market capitalization hits all-time high, Facebook in talks with Winklevoss twins, trading firms over new cryptocurrency and more

Guest Author

Published

on

Tether’s [USDT] market capitalization hits all-time high, Facebook in talks with Winklevoss twins, trading firms over new cryptocurrency and more

Daily Crypto News – May 25

1) Bitcoin Wallet receives part of 5,000 BTC: A recent Whale Alert highlighted a transaction on May 24, where a large sum of Bitcoin [BTC] exchanged hands between two anonymous wallets. According to the alert the transaction took place at 22:13:23 + 1 minutes and 5,000.00001092 BTC was transferred from an unknown wallet, with address 19SiCYaYKZh9A8HUjuh14eg5wtYzKxiFbB, to another unknown wallet with address 14GcjGjxwadzcpmq9EG3KUgTKATjurbnWt.

Read more at https://bit.ly/2VRQwb0

2) Bitwise Report 2.0: Bitcoin [BTC] futures continues growth: On a month-on-month basis, Bitcoin Futures saw a massive bump in April trading at an average of 10,000 contracts daily, peaking on April 4, with over 22,000 contracts traded. To put that number in perspective, in March 2019, the average contracts traded was less than 4,000. Despite the high standards set in April, the average daily contracts traded in May, with 25 days gone has exceeded 14,000 and still looks to grow, given the price performance of Bitcoin.

Read more at https://bit.ly/2W40sTR

3) Craig Wright on private keys: Craig S Wright has, for years, claimed he is the true creator of Bitcoin [BTC] without providing a shred of evidence to support the same. With the crypto-community levelling, Wright could prove his worth by sending BTC from Satoshi Nakamoto’s touted wallet containing around 980,000 BTCs, the BSV man in a twisted cause and effect situation, stated he will “sign” into his wallet only when he proves he is the creator.

Read more at https://bit.ly/2X6fdlw

4) Tether’s [USDT] market cap hits ATH: Tether and Bitfinex are being closely scrutinized now more than ever due to the NYAG’s lawsuit; however, the scrutiny doesn’t seem to have affected Tether as the market cap of USDT has increased by over $100 million in approximately 70 days.

Read more at https://bit.ly/2McaTjE

5) Tether volume shift: Another controversial topic in the cryptocurrency industry was the issue of fake transaction volumes on many of the popular cryptocurrency exchanges. The magnitude of the topic was so large that even Changpeng Zhao, the Chief Executive Officer [CEO] of Binance had raised red flags. This topic and Tether as a whole received another twist when Larry Cermack, the Director of Research at The Block, pointed out a few parameters when it came to the said volume.

Read more at https://bit.ly/2wmk4mJ

6) Bitfinex’s LEO tokens listed on Delta Exchange: Bitfinex’s Leo tokens faced quite a lot of criticism when they were announced, due to the missing $850 million funds from Bitfinex. The private investment round by Bitfinex also faced a lot of heat from the media. However, in a recent development, Leo tokens are being listed on various exchanges for trading.

Read more at https://bit.ly/2HUEnNB



7) Robinhood en-route a projected valuation of $7 billion: Robinhood, the California-based cryptocurrency exchange made headlines recently when a source close to the organization revealed that it was on the verge of closing their latest round of funding at a valuation of a whopping $7 billion – $8 billion. Sources even claimed that the current round of funding could act as a precursor to an even bigger round of funding, which would pit Robinhood with the bigwigs like Coinbase and Binance.

Read more at https://bit.ly/2W64KKj





Subscribe to AMBCrypto’s Newsletter


Continue Reading

Trending