Tech News, Magazine & Review WordPress Theme 2017
  • FEATURES
    • News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Altcoins
    • Trading
    • Blockchain
    • Futuremash
    • Regulators
    • Scams
    • Crypto 101
  • HODLX
    • Latest Stories
    • FAQ
    • Submit Your Guest Blog
  • CRYPTO LIVEWIRE
    • Latest
    • Press Releases
    • Sponsored Posts
    • Submit Your Content
  • BEGINNERS
    • What Is Bitcoin?
    • What Is Blockchain?
    • What Does Hodl Mean?
    • How to Pay Your Bills with Bitcoin
    • Best Bitcoin FAQs
    • Example of Bitcoin’s Purpose
    • Cryptocurrency Has Multiple Meanings
    • Authenticator Alert – Securing Your Crypto
  • SUBMIT
    • Guest Blog
    • Press release
    • Sponsored post
  • EXPLORE
    • eToro
No Result
View All Result
  • FEATURES
    • News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Altcoins
    • Trading
    • Blockchain
    • Futuremash
    • Regulators
    • Scams
    • Crypto 101
  • HODLX
    • Latest Stories
    • FAQ
    • Submit Your Guest Blog
  • CRYPTO LIVEWIRE
    • Latest
    • Press Releases
    • Sponsored Posts
    • Submit Your Content
  • BEGINNERS
    • What Is Bitcoin?
    • What Is Blockchain?
    • What Does Hodl Mean?
    • How to Pay Your Bills with Bitcoin
    • Best Bitcoin FAQs
    • Example of Bitcoin’s Purpose
    • Cryptocurrency Has Multiple Meanings
    • Authenticator Alert – Securing Your Crypto
  • SUBMIT
    • Guest Blog
    • Press release
    • Sponsored post
  • EXPLORE
    • eToro
No Result
View All Result
The Daily Hodl
No Result
View All Result

Coinomi Says Redditor Who Reported Losing Life Savings in Crypto Wants Bitcoin ‘Ransom’, Reveals Findings on Potential Security Flaw

by Daily Hodl Staff
February 27, 2019
in Blockchain
‏‏‎ ‏‏‎ ‏‏‎ ‏‏‎
‎‎‎ ‏‏‎

The crypto wallet company Coinomi just released its preliminary findings after a user, Warith Al Maawali, reported losing his life savings of $60,000 to $70,000 in digital assets due to a flaw in the platform’s security.

In a post on Reddit, Al Maawali says that after his funds disappeared, he discovered the platform’s desktop wallet was sending users’ seed phrases (a string of words used to access crypto funds) directly to Google through an encrypted request.

“As a result, someone from Google’s team or whoever had access to the HTTP requests that are sent to googleapis.com found the passphrase and used it to steal my $60K-$70K worth crypto assets (at current market price). Anyone who is involved in technology and crypto-currency knows that a 12 random English words separated by spaces will probably be a passphrase to a crypto-currency wallet!”

Coinomi says it has fixed the issue, which is tied to a configuration problem with Google’s spell-check feature.

“The seed phrase wasn’t being transmitted in plain text, instead it was being encapsulated inside a HTTPS request with Google being the sole recipient…

Our engineers immediately tracked down the cause of this issue, which wasn’t a bug in our source code but instead was a bad configuration option in a plug-in used in Desktop wallets only. That plugin enabled the spell-check functionality by default in a recent update and was fixed by the jxBrowser plug-in team just 6 days ago – which is the same day we were contacted by Warith Al Maawali.

All Desktop versions were patched immediately after we received the full disclosure, and we then started further exploring the implications by this issue in order to provide our users with the proper guidance and inform them on the course of action that needed to be taken, if any.”

Coinomi says it has had no other reports of users affected by the issue and says it doubts anyone at Google stole Al Maawali’s funds.

“During these days, Warith Al Maawali repeatedly refused to disclose his findings and kept threatening to take this public if we didn’t pay right away the ransom of 17 BTC which would make up for the ‘hacked’ funds…

We’ve had zero reports of hacked Desktop wallets so far other than Warith Al Maawali’s, which however cannot be sustained by the underlying facts – there is still way to investigate the authenticity of his claim and if the funds were indeed stolen it was much more likely due to an infected host rather than Google itself stealing these funds. If the claim is proven to be false we will seek remedies to set things straight and to prevent their recurrence.”

Coinomi says the issue does not affect Android or iOS users, and desktop wallet users should update their client to the latest version, which fixes the issue.

You can check out Coinomi’s full report here.

Follow us on Facebook            Join us on Telegram            Follow us on Twitter


Check Latest News Headlines


ADVERTISEMENT


Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Submit a Press Release

Crypto Livewire – Press Releases

  • Student Coin Found New Ways to Use Crypto
    February 24, 2021
  • Everest Receives Crypto Custodian Approval
    February 23, 2021
  • Here’s How Traders Are Staking Crypto Assets Without the Hassle
    February 18, 2021
  • 99Bitcoins Takes Over the Dead Coins Project to Become the Cryptocurrency Undertaker
    February 17, 2021
  • Coinsbee Makes Spending Bitcoin Easy
    February 17, 2021
Submit a Guest Post
ADVERTISEMENT
Bitcoin
$51,983.00
$51,983.00
3.14%
Ethereum
$1,669.67
$1,669.67
0.32%
Binance Coin
$262.91
$262.91
3.15%
Polkadot
$35.11
$35.11
1.84%
Cardano
$1.08
$1.08
2.05%
XRP
$0.481332
$0.481332
0.78%
ADVERTISEMENT

Spotlight

  • Elon Musk Triggers Massive Bitcoin Breakout After Defending Tesla’s $1.5 Billion Investment
    February 20, 2021
  • ARK Invest’s Cathie Wood Warns ‘Valuation Reset’ Coming, Says Firm Plans To Capitalize on Wave of Fear
    February 24, 2021
  • Crypto Trader Alex Saunders Posts Emergency Update – Here’s Why He’s Taking Profits
    February 18, 2021
  • These Three Altcoins Are Poised To Explode in March, According to Crypto Trader Ivan Liljeqvist
    February 22, 2021

DON’T MISS A BEAT

Crypto headlines delivered daily
to your inbox
BTC, ETH, XRP news alert options

By joining The Daily Hodl news list you agree to our
Terms and Conditions and Privacy Policy.

Check your inbox for confirmation email.

Cryptocurrency news and analysis, covering Bitcoin, Ethereum, Ripple, XRP, altcoins and blockchain technology

Categories

Bitcoin • Ethereum • Trading •
Ripple and XRP • Altcoins •
Blockchain • Regulators •
Scams • Crypto101 • HodlX • Explore • Futuremash •
Crypto Livewire

ABOUT US | EDITORIAL POLICY | PRIVACY POLICY
TERMS AND CONDITIONS | CONTACT

JOIN US ON TELEGRAM

JOIN US ON TWITTER

JOIN US ON FACEBOOK

COPYRIGHT © 2017-2021 THE DAILY HODL

No Result
View All Result
  • FEATURES
    • News
    • Bitcoin
    • Ethereum
    • Ripple and XRP
    • Altcoins
    • Trading
    • Blockchain
    • Futuremash
    • Regulators
    • Scams
    • Crypto 101
  • HODLX
    • Latest Stories
    • FAQ
    • Submit Your Guest Blog
  • CRYPTO LIVEWIRE
    • Latest
    • Press Releases
    • Sponsored Posts
    • Submit Your Content
  • BEGINNERS
    • What Is Bitcoin?
    • What Is Blockchain?
    • What Does Hodl Mean?
    • How to Pay Your Bills with Bitcoin
    • Best Bitcoin FAQs
    • Example of Bitcoin’s Purpose
    • Cryptocurrency Has Multiple Meanings
    • Authenticator Alert – Securing Your Crypto
  • SUBMIT
    • Guest Blog
    • Press release
    • Sponsored post
  • EXPLORE
    • eToro

© 2020 The Daily Hodl

×
We use cookies to give you the best online experience possible. Continue browsing if you are happy with that, or see how to manage cookies.