
Topic: Coinomi BUG or ...? (Read 414 times)

legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
July 06, 2020, 09:46:53 AM
#26
it's a 214 MB file ... as i see some lines are duplicated, i think i have at least 500 k lines
I've received the file. It has 2435570 lines.
Four lines missed an "ENTER", after splitting those lines into two lines, each line was in there exactly 5 times.

After removing duplicates, I have 487115 lines left. It's comforting to know my own Coinomi password isn't in there.
The most common "password" in there is "Aa123456." with 212904 occurrences. It looks like something based on commonly used passwords.

yeah, to me it also looks more like a rainbow table with a dictionary of the most common passwords and their equivalent salted hashes using the MD5 hash algorithm. so it may not exactly be coming from Coinomi but be related to it. possibly a malware on OP's computer tried it but was broken enough to show the table itself!
jr. member
Activity: 55
Merit: 10
July 06, 2020, 01:15:24 AM
#25
Do be careful, the first time (when they allegedly sent seeds to Google) they spent loads of time, effort and money to "bury" the guy that uncovered the alleged infractions.
Hi mocacinno, the guy who uncovered the infractions was trying to extort Coinomi from the start, you can read the detailed forensic analysis of the entire thing here: https://twitter.com/kimionis/status/1131945228506738688

Hello fer_coinomi

I don't know if all this drama is true or not, however I don't think you should post a twitter link if you have a forensic analysis. This is not the first time I see someone from coinomi pasting a twitter link as if a tweet were a forensic analysis. It is not. Don't you have a direct link to this forensic analysis? It would certainly give much better credibility to it.

That being said, I use coinomi in my mobile for small amounts and never had problems, so I believe your version might be true, but pasting a tweet link won't help.
Sorry, the forensic analysis is linked in the first tweet of that thread that I sent. I thought that the tweets were also important, so I could take 2 birds with a single link. As noted by DaveF, the direct link to the analysis is https://medium.com/@cipherblade/how-not-to-react-when-your-cryptocurrency-is-stolen-92f7c72616af if you don't want to read the tweets from Coinomi's CEO about this.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
July 05, 2020, 08:49:19 PM
#24
Do be careful, the first time (when they allegedly sent seeds to Google) they spent loads of time, effort and money to "bury" the guy that uncovered the alleged infractions.
Hi mocacinno, the guy who uncovered the infractions was trying to extort Coinomi from the start, you can read the detailed forensic analysis of the entire thing here: https://twitter.com/kimionis/status/1131945228506738688

Hello fer_coinomi

I don't know if all this drama is true or not, however I don't think you should post a twitter link if you have a forensic analysis. This is not the first time I see someone from coinomi pasting a twitter link as if a tweet were a forensic analysis. It is not. Don't you have a direct link to this forensic analysis? It would certainly give much better credibility to it.

That being said, I use coinomi in my mobile for small amounts and never had problems, so I believe your version might be true, but pasting a tweet link won't help.

I think this is what coinomi was referring to:
https://medium.com/@cipherblade/how-not-to-react-when-your-cryptocurrency-is-stolen-92f7c72616af

I think more and more people are just blaming their wallet, when it's something on the PC / Phone or they downloaded the wrong thing.
The electrum vulnerability is 18+ months old and yet people are still getting hit with it.
electrum-bitcoin.org ( https://bitcointalksearch.org/topic/fraud-site-electrum-bitcoinorg-is-now-mine-5229836 ) is still getting traffic.

So when something like the OP sees something it must be the wallet.
Not some other malware or the fact that they downloaded the wrong thing.

-Dave
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
July 05, 2020, 06:44:58 PM
#23
Do be careful, the first time (when they allegedly sent seeds to Google) they spent loads of time, effort and money to "bury" the guy that uncovered the alleged infractions.
Hi mocacinno, the guy who uncovered the infractions was trying to extort Coinomi from the start, you can read the detailed forensic analysis of the entire thing here: https://twitter.com/kimionis/status/1131945228506738688

Hello fer_coinomi

I don't know if all this drama is true or not, however I don't think you should post a twitter link if you have a forensic analysis. This is not the first time I see someone from coinomi pasting a twitter link as if a tweet were a forensic analysis. It is not. Don't you have a direct link to this forensic analysis? It would certainly give much better credibility to it.

That being said, I use coinomi in my mobile for small amounts and never had problems, so I believe your version might be true, but pasting a tweet link won't help.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 05, 2020, 02:41:57 AM
#22
it's a 214 MB file ... as i see some lines are duplicated, i think i have at least 500 k lines
I've received the file. It has 2435570 lines.
Four lines missed an "ENTER", after splitting those lines into two lines, each line was in there exactly 5 times.

After removing duplicates, I have 487115 lines left. It's comforting to know my own Coinomi password isn't in there.
The most common "password" in there is "Aa123456." with 212904 occurrences. It looks like something based on commonly used passwords.
I would go with this:
Whether it's a Coinomi bug or malware that pretends to be Coinomi, i think what you should do is:
1. Immediately move your cryptocurrency from Coinomi to another wallet using clean/secure computer
2. Format your storage & reinstall your OS
jr. member
Activity: 55
Merit: 10
July 05, 2020, 02:25:21 AM
#21
i just updated my coinomi desktop wallet yesterday ... and for like 3-4 minutes the whole coinomi screen with accounts and balance was frozen and on screen appeared more than 2,6 million hashes and passwords (i saved all data with the ctrl+c and v function) like

[...]

what do you think happened? it's a bug, what kind of data is this?
Hi pizza50, please open a support ticket at support.coinomi.com explaining in detail what you saw. Explain where exactly did you see that text, how did it appear on the screen, if it was immediately after you ran the updated installer file or when running the app after updating, etc. Please also include a link to the exact file you downloaded and anything else you think is important. The wallet doesn't do anything you described, so most likely you downloaded a fake file from a fake website, or some other software activated as you tried to execute Coinomi. We would love to have a copy if that's the case. But a deeper malware scan and possibly moving your coins to a new recovery phrase using a clean device and subsequent wipe of your computer is recommended.



Do be careful, the first time (when they allegedly sent seeds to Google) they spent loads of time, effort and money to "bury" the guy that uncovered the alleged infractions.
Hi mocacinno, the guy who uncovered the infractions was trying to extort Coinomi from the start, you can read the detailed forensic analysis of the entire thing here: https://twitter.com/kimionis/status/1131945228506738688



To me, this is really weird, because according to what Coinomi says, all user data is only on the user's device, and there is an encrypted application data folder where seed/keys are stored. What interests me is where the user's password is stored? According to this, it turns out that it is located on a Coinomi server that sent everything to one user during an update in some crazy bug

Assuming everything is stored locally, then it is impossible for one program to connect to millions of computers and pull all this data - or is it still possible?
Hi Lucius, the password isn't stored anywhere, and definitely not on our servers. Your app password is used to encrypt the wallet data. When the app requires the private keys for any operation, it tries to decrypt the local data with the password. If the decryption is successful, it means the password was correct. If the decryption was not successful, it means the password was wrong. The password itself (or hash or any kind of data derived from it) isn't stored anywhere, not even in your computer.



Not that hosting the executable and the checksum on the same page would be secure.. but at least that's something.
Our website hosts the executable and checksum on the same page, but also has a text file that contains the filenames and their respective hashes, which is signed with our lead dev's PGP key. The chain of trust starts with the signed message and PGP key. Once you verify the signature, you will know which are the legit hashes for each file. Finally you can download the file and check that its hash matches the one on the signed message.
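The verification order described in the reply above, as an added example that is not Coinomi's code: accept hashes only from text covered by a valid signature from a pinned key, then compare the download's SHA-256 with the entry for its filename. The `digest  filename` manifest layout, the file names and the pinned fingerprint are assumptions, and the `gpg` call needs the signer's key already imported.

```python
import hashlib
import hmac
import string
import subprocess

def signer_from_status(status_text):
    """Return the signing key's primary fingerprint from a GnuPG VALIDSIG line, else None."""
    for line in status_text.splitlines():
        fields = line.split()
        if fields[:2] == ["[GNUPG:]", "VALIDSIG"] and len(fields) >= 3:
            # With a signing subkey, the primary key fingerprint is the 12th token.
            return (fields[11] if len(fields) >= 12 else fields[2]).upper()
    return None

def verified_manifest(signed_path, pinned_fpr):
    """Return only the text that gpg reports as signed by the pinned key."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt", signed_path],
        capture_output=True, text=True)
    signer = signer_from_status(proc.stderr)
    if proc.returncode != 0 or signer != pinned_fpr.replace(" ", "").upper():
        raise ValueError("manifest signature invalid or not made by the pinned key")
    # stdout holds the signed payload; text outside the signed block is dropped.
    return proc.stdout

def parse_manifest(text):
    """Map filename -> SHA-256 hex from 'digest  filename' lines (assumed layout)."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            continue
        if all(c in string.hexdigits for c in parts[0]):
            entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_download(manifest_text, path, name):
    """True only if `name` is listed in the manifest and the file's digest matches."""
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False  # a file the signer never listed is not vouched for
    return hmac.compare_digest(expected, sha256_file(path))

if __name__ == "__main__":
    import os
    import tempfile
    # Constructed demo: the manifest text stands in for verified_manifest() output.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-installer.exe")
        with open(path, "wb") as fh:
            fh.write(b"constructed installer bytes")
        manifest = sha256_file(path) + "  example-installer.exe\n"
        print("match:", check_download(manifest, path, "example-installer.exe"))
        with open(path, "ab") as fh:
            fh.write(b"tampered")
        print("after tampering:", check_download(manifest, path, "example-installer.exe"))
```

A checksum shown next to the download only detects corruption; the pinned fingerprint is what ties the hash to the developer, so it has to come from a source other than the download page.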
newbie
Activity: 6
Merit: 0
July 04, 2020, 05:02:06 PM
#20
https://bitcointalksearch.org/user/loycev-459836
LoyceV
Legendary
Activity: 1904
Merit: 6555

he was the first who requested the list ... i will send it to him
you are right, i am a new user and probably not trustworthy enough, but he is trusted enough, i will send him the list
he will tell the community more about ...

it's a 214 MB file ... as i see some lines are duplicated, i think i have at least 500 k lines
and yes, i have a dell latitude 7480 with a very good i7 processor and some gb of ram...




and the strange thing is that i found my password in that list - and i use a really long and complex password for coinomi ...
Any chance I can have your file (the one with 2.6 million lines)? Feel free to remove your own password first. If you encrypt it and upload it somewhere secure, I'd like to see if by any chance my own password is in your list. I only use Coinomi on mobile though.
I don't expect my password to be in your list, but if it is, it proves something is terribly wrong.
legendary
Activity: 1624
Merit: 2481
July 04, 2020, 12:13:10 PM
#19
I smell BS
1) Running 32 cores hard I can't hash and write 2,600,000 lines to an SSD with the machine doing nothing else for 5 minutes
2) New user we never heard from before having an issue like this.
3) Copy / pasting that much data in Windows will slow it to a crawl unless you have gigs and gigs of free RAM.

Let's do some math.

OP posted 21 lines which need 1912 Byte of storage.
That's roughly 91 Byte per line.

91 Byte * 2.600.000 Lines = 236600000 Byte = 225 MB

That's definitely not too much to copy/paste and doesn't need gigs of free RAM.

Copy/pasting that definitely will take some time (maybe ~5 minutes?). So technically.. OP could tell the truth.
However i agree with you, that this seems to be quite unlikely. Especially since OP only registered here to create this thread.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
July 04, 2020, 11:23:43 AM
#18
I don't know what official coinomi comes with but it does look like you're being used as a botnet like the others said...
I don't think so as I also disagree with other members believing that OP downloaded a malware which uses his computer to crack md5 hashes simply because those are salted md5 hashes (password + salt).

However, I agree with DaveF. I find it hard to believe that a random user was able to generate or download 2.6 million hashes in 4-5 minutes and copy pasted all the data to a text file without causing the computer to freeze unless it's really a very powerful one.
Besides, if it was really caused by a bug on Coinomi servers then the question is why are they saving hashes, salts and passwords (plain text) on the same table!! it's not safe and I doubt they would make such a mistake.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
July 04, 2020, 07:51:19 AM
#17
Whether it's a Coinomi bug or malware that pretends to be Coinomi, i think what you should do is:
1. Immediately move your cryptocurrency from Coinomi to another wallet using clean/secure computer
2. Format your storage & reinstall your OS

And just don't move the coins. Use a new wallet. Just don't move the seed.

Although I still claim BS. I asked a programmer I know this morning about it.

More or less it came back as: 2.6 million hash. Let's do math.
2.5 million / 5 minutes. Both a longer time than the OP said and a smaller number of hashes.
that is 500,000 a minute. Or 8300 a second. Could be done with a very optimized PC app if they were using the GPU also.
But there is still no way in hell you could display to the screen and write to a file at the same time.

-Dave



legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
July 04, 2020, 02:58:28 AM
#16
Whether it's a Coinomi bug or malware that pretends to be Coinomi, i think what you should do is:
1. Immediately move your cryptocurrency from Coinomi to another wallet using clean/secure computer
2. Format your storage & reinstall your OS
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
July 03, 2020, 07:46:22 PM
#15
I smell BS
1) Running 32 cores hard I can't hash and write 2,600,000 lines to an SSD with the machine doing nothing else for 5 minutes
2) New user we never heard from before having an issue like this.
3) Copy / pasting that much data in Windows will slow it to a crawl unless you have gigs and gigs of free RAM.

-Dave
newbie
Activity: 19
Merit: 13
July 03, 2020, 04:28:07 PM
#14
Does someone know if "SALTPLAIN" means it is salted or not? Have you tried to hash your current password in an md5 hasher and compare the result against the hash associated with your username in the list?

If they are equal, that should be very relevant
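One way to check this on a saved copy of the list, as an added example that is not part of the original post: recompute MD5 over each record's salt and plaintext in both orders and see which construction, if any, reproduces the stored hash, while also counting duplicates and lines that lost their line break. It assumes records of the form `MD5(SALTPLAIN) <hash>:<salt>:<plaintext>`; the function names and sample records are constructed for illustration.

```python
import hashlib
import re
from collections import Counter

LABEL = "MD5(SALTPLAIN)"
RECORD = re.compile(r"^([0-9a-fA-F]{32}):([^:]*):(.*)$")

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def split_records(lines):
    """Yield record bodies; a line that lost its newline carries several labels."""
    for line in lines:
        for piece in line.rstrip("\r\n").split(LABEL):
            body = piece.lstrip()
            if body:
                yield body

def parse(body):
    """Return (digest, salt, plaintext) or None; the plaintext may contain ':'."""
    m = RECORD.match(body)
    return (m.group(1).lower(), m.group(2), m.group(3)) if m else None

def classify(digest, salt, plain):
    """Name the construction that reproduces the stored digest, if any."""
    if md5_hex(salt + plain) == digest:
        return "salt+plain"
    if md5_hex(plain + salt) == digest:
        return "plain+salt"
    if md5_hex(plain) == digest:
        return "unsalted"
    return "no-match"

def triage(lines):
    """Summarise a dump: duplicates, malformed lines, hash constructions, top plaintexts."""
    copies, malformed = Counter(), 0
    for body in split_records(lines):
        record = parse(body)
        if record is None:
            malformed += 1
        else:
            copies[record] += 1
    return {
        "records": sum(copies.values()),
        "unique": len(copies),
        "copies_per_record": sorted(set(copies.values())),
        "malformed": malformed,
        "constructions": dict(Counter(classify(*r) for r in copies)),
        "top_plaintexts": Counter(p for _, _, p in copies).most_common(3),
    }

def build_sample():
    """Constructed records (not taken from the file in the thread), 5 copies each."""
    rows = [
        (md5_hex("s4ltAAAA" + "Aa123456."), "s4ltAAAA", "Aa123456."),
        (md5_hex("s4ltBBBB" + "Aa123456."), "s4ltBBBB", "Aa123456."),
        (md5_hex("s4ltCCCC" + "pass:word1"), "s4ltCCCC", "pass:word1"),
        (md5_hex("Example9!" + "s4ltDDDD"), "s4ltDDDD", "Example9!"),  # other order
        ("0" * 32, "s4ltEEEE", "Nomatch1"),  # digest that does not verify
    ]
    text = [f"{LABEL} {d}:{s}:{p}" for d, s, p in rows]
    lines = [t + "\n" for t in text] * 5
    lines[0:2] = [text[0] + text[1] + "\n"]  # two records glued onto one line
    lines.append("not a record\n")
    return lines

if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

Records that verify as salt plus plaintext are already-recovered pairs, which fits a cracking tool's output rather than data a wallet would need to keep.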
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
July 03, 2020, 01:43:15 PM
#13
and the strange thing is that i found my password in that list - and i use a really long and complex password for coinomi ...
Any chance I can have your file (the one with 2.6 million lines)? Feel free to remove your own password first. If you encrypt it and upload it somewhere secure, I'd like to see if by any chance my own password is in your list. I only use Coinomi on mobile though.
I don't expect my password to be in your list, but if it is, it proves something is terribly wrong.
newbie
Activity: 6
Merit: 0
July 03, 2020, 01:31:06 PM
#12
because i thought it is something really strange i saved them all with ctrl+c and v in a text file (i use editpad pro) and it's easy to count ... i mark the last line and editpad shows the line number
maybe if the coinomi application did not freeze so hard, there would have been more lines ... who knows
i think these are not seeds or anything related to keys, they are coinomi passwords - when a coinomi wallet owner sends out money they need to put in this password to approve the transfer
anyway it is very very strange how this can appear in the application ..




i just updated my coinomi desktop wallet yesterday ... and for like 3-4 minutes the whole coinomi screen with accounts and balance was frozen and on screen appeared more than 2,6 million hashes and passwords (i saved all data with the ctrl+c and v function)

How did you get to the number of 2.6 million passwords? I suppose they're not counted manually, is that number shown somewhere in Coinomi UI?

and the strange thing is that i found my password in that list - and i use a really long and complex password for coinomi ...

To me, this is really weird, because according to what Coinomi says, all user data is only on the user's device, and there is an encrypted application data folder where seed/keys are stored. What interests me is where the user's password is stored? According to this, it turns out that it is located on a Coinomi server that sent everything to one user during an update in some crazy bug

Assuming everything is stored locally, then it is impossible for one program to connect to millions of computers and pull all this data - or is it still possible?
legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
July 03, 2020, 12:36:21 PM
#11
and the strange thing is that i found my password in that list - and i use a really long and complex password for coinomi ...

This changes everything... If there is even a shred of evidence this would mean that they were caught sending sensitive data "home" for the second time...

Do be careful, the first time (when they allegedly sent seeds to Google) they spent loads of time, effort and money to "bury" the guy that uncovered the alleged infractions.
legendary
Activity: 2128
Merit: 1293
There is trouble abrewing
July 03, 2020, 11:37:43 AM
#10
To me, this is really weird, because according to what Coinomi says, all user data is only on the user's device, and there is an encrypted application data folder where seed/keys are stored. What interests me is where the user's password is stored? According to this, it turns out that it is located on a Coinomi server that sent everything to one user during an update in some crazy bug

words of a centralized and closed source wallet mean absolutely nothing. it would be like Coinbase saying they aren't sending all your activities to the authorities every second.
they also have a bad history of doing strange things that make no sense like sending the seed to their server to be checked! so i wouldn't be surprised if their servers also stored the wallet passwords.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
July 03, 2020, 09:55:20 AM
#9
i just updated my coinomi desktop wallet yesterday ... and for like 3-4 minutes the whole coinomi screen with accounts and balance was frozen and on screen appeared more than 2,6 million hashes and passwords (i saved all data with the ctrl+c and v function)

How did you get to the number of 2.6 million passwords? I suppose they're not counted manually, is that number shown somewhere in Coinomi UI?

and the strange thing is that i found my password in that list - and i use a really long and complex password for coinomi ...

To me, this is really weird, because according to what Coinomi says, all user data is only on the user's device, and there is an encrypted application data folder where seed/keys are stored. What interests me is where the user's password is stored? According to this, it turns out that it is located on a Coinomi server that sent everything to one user during an update in some crazy bug

Assuming everything is stored locally, then it is impossible for one program to connect to millions of computers and pull all this data - or is it still possible?
newbie
Activity: 6
Merit: 0
July 03, 2020, 09:14:01 AM
#8
and the strange thing is that i found my password in that list - and i use a really long and complex password for coinomi ...
legendary
Activity: 2758
Merit: 6830
July 03, 2020, 09:06:47 AM
#7
You didn't take a screenshot of it?

I have PM'ed Brenny_Coinomi about this thread. Maybe - if that really happened - it's something which can be explained by him?
newbie
Activity: 6
Merit: 0
July 03, 2020, 08:54:02 AM
#6
checksum verified
no extra process is working, no extra resources are being consumed on my pc .. so for sure nobody is using my calculator for hash cracking, etc
and this strange thing appeared only 1 time ... i have used coinomi for more than 1 year
only 1 time exactly when i updated the software
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
July 03, 2020, 08:14:52 AM
#5
i run kaspersky + malwarebytes licensed version
my crypto money is safe, nobody accessed my pc
coinomi was downloaded from official website ....

Different AVs can interfere with each other so I'm not sure keeping both is a great idea and if you have they're probably configured to not look at the same section of disk at once which could cause a problem...

Have you tried running a kaspersky scan? Did you get a community warning when you installed coinomi to say fewer than 50 people installed it (I used to get it and ignore it in electrum). You could try scanning the exe file in both to see if someone's been stupid enough to make a trojan and not a virus but I'd stop running coinomi immediately just in case it's a virus and check there's nothing weird running in the task manager if you can (you can Google the handle of tasks you don't recognise to see if they're created by your os but this might be futile if the malware is able to intercept this information and change it)...

I don't know what official coinomi comes with but it does look like you're being used as a botnet like the others said...
legendary
Activity: 1624
Merit: 2481
July 03, 2020, 08:09:14 AM
#4
i run kaspersky + malwarebytes licensed version

This doesn't mean anything.


coinomi was downloaded from official website ....

We hear that extremely often. And in the end the user made a mistake and it was a phishing site.
Did you at least verify the checksum?

Code:
.exe checksum (SHA256):65b3d96a0ff403fee6166be5149df9f270466b3ed24ba77bcf3c58cb7a815607

Not that hosting the executable and the checksum on the same page would be secure.. but at least that's something.

Could you answer mocacinno's question?
Did your system load increase dramatically while this event was happening?

Generally, i would recommend you to not use coinomi.
There are better and more secure wallets available.
newbie
Activity: 6
Merit: 0
July 03, 2020, 06:54:02 AM
#3
i run kaspersky + malwarebytes licensed version
my crypto money is safe, nobody accessed my pc
coinomi was downloaded from official website ....
legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
July 03, 2020, 06:51:31 AM
#2
I'm definitely not a fan of coinomi... But it would seem strange if they actually used your pc for bruteforcing salted md5 hashes...

I have no idea who you are, what your technical knowledge is, and how clean you keep your computer... But my first thought would be that you downloaded some malware, even a fake version of coinomi, and the malware is using your computer's resources to crack passwords...

Only my first thought though... No idea if coinomi messed up, but the odds are bigger that you downloaded some malware next to coinomi.

Did your system load increase dramatically while this event was happening?
newbie
Activity: 6
Merit: 0
July 03, 2020, 06:43:55 AM
#1
i just updated my coinomi desktop wallet yesterday ... and for like 3-4 minutes the whole coinomi screen with accounts and balance was frozen and on screen appeared more than 2,6 million hashes and passwords (i saved all data with the ctrl+c and v function) like

[...]

what do you think happened? it's a bug, what kind of data is this?