While the cryptocurrency industry contends with the loss of funds on exchanges, a Coinomi wallet user has reportedly lost $70,000 worth of cryptocurrency. The user, who reported the loss on Reddit, claims the theft was due to a vulnerability in the wallet that probably went unnoticed or was deliberately put there.
The vulnerability led to the loss of the private key, which in turn led to the funds being swept away. The victim of the theft, investor Warith Al Maawali, said of the situation:
“My passphrase was compromised and $60K-$70K worth of cryptocurrency were stolen because of Coinomi wallet and how the wallet handled my passphrase. I’m disclosing this issue publicly because Coinomi refused to take the responsibility and all my attempts through private channels have failed.”
To avoid this kind of situation, most wallets are open source, meaning many different developers continue to update the code, which makes it impossible for a bug that can result in situations like this to be introduced. Coinomi wallet, however, ceased to be open source in 2018, which according to Maawali led to the bug that cost many users their funds.
According to him, the vulnerability sends the wallet seed phrase to Google’s remote spell checker API when a user enters it. The vulnerability is said to be an automatic function in the wallet's text box that runs spell checks on seed phrases using googleapis.com, which makes the seed phrase visible to interested parties. The funds were stolen when someone saw the seed phrase and then accessed the wallet to move all the funds.
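The leak described above is an outbound request whose body carries the seed words, so it can be caught by inspecting what a wallet sends off the device. The following Python check is an added example, not code from Coinomi or from Maawali's report; the `text` field name, the `.example` hosts and the sample traffic are constructed assumptions, and the match is a shape heuristic rather than a BIP39 wordlist or checksum validation.

```python
import re
from urllib.parse import unquote_plus

# Assumption: shape heuristic only. BIP39 English words are 3-8 letters and
# mnemonics are 12-24 words long; no wordlist or checksum validation is done.
WORD = re.compile(r"[a-z]{3,8}")
MIN_WORDS = 12

def longest_word_run(body: str) -> int:
    """Longest run of consecutive mnemonic-shaped tokens in a request body."""
    best = run = 0
    # Decode form encoding first so '+' and '%20' both count as separators.
    for token in re.split(r"[^A-Za-z0-9]+", unquote_plus(body).lower()):
        if not token:
            continue
        run = run + 1 if WORD.fullmatch(token) else 0
        best = max(best, run)
    return best

def flag_seed_egress(requests):
    """Return (host, run_length) for outbound requests carrying a seed-shaped run."""
    hits = []
    for req in requests:
        n = longest_word_run(req["body"])
        if n >= MIN_WORDS:
            hits.append((req["host"], n))
    return hits

# Constructed sample traffic, not captured from any real wallet. The 12 words
# are NATO alphabet letters, not a real seed phrase.
PHRASE = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"
SAMPLE_REQUESTS = [
    {"host": "googleapis.com", "body": "text=" + PHRASE.replace(" ", "+")},
    {"host": "googleapis.com", "body": "text=" + PHRASE.replace(" ", "%20")},
    {"host": "updates.example", "body": "version=1.2.3&os=linux&lang=en"},
    {"host": "support.example", "body": "msg=I+cannot+open+my+wallet+today"},
]

if __name__ == "__main__":
    for host, n in flag_seed_egress(SAMPLE_REQUESTS):
        print(f"seed-shaped text ({n} words) sent to {host}")
```

A wallet has no legitimate reason to send a seed phrase to any host, so a hit on this check against test traffic is a release blocker regardless of the destination.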
How did Maawali get all the technical details concerning the loss of funds? A customer representative from Coinomi told him he would be paid to find out what happened to the wallet. He later reported his findings to the team but has not been compensated at all for his loss.
This is a rare issue, as most problems concern the loss of funds locked away in exchanges or exchange hacks. To be fair, Coinomi could be fined for this error because wallets should be open source, not closed source. Whatever the reason for being closed source, it has cost a user his life savings, and that is a big deal. This should also serve as a warning to other wallet developers who may be considering going closed source as well.