Coinomi wallet hacked, all funds stolen

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: pooya87 on May 22, 2023, 01:54:44 AM

The recent shitshow with Ledger is the reason why I have always called hardware wallets in general "semi-cold storage" not "cold storage". The only true cold storage is a device that has absolutely not connection to the outside world.

Drifting away from the original topic but..

You can do that with the ColdCard it supports PSBT https://coldcard.com/docs/faq
There are others that may too. The device never has to see the internet you are just moving an SD card between an online machine and the device.

Personally I think it's more time consuming then it's worth but it does work well.

-Dave

pooya87

legendary

Activity: 3444

Merit: 10537

The recent shitshow with Ledger is the reason why I have always called hardware wallets in general "semi-cold storage" not "cold storage". The only true cold storage is a device that has absolutely not connection to the outside world.

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: Pmalek on May 21, 2023, 04:36:45 AM

Just ask Ledger and Safepal. It's very safe sending and storing your seed in clouds and on the servers of 3rd-party companies. You also enjoy the added benefit of possibly getting your crypto possessed, stolen, or the data leaked. I hope everyone recognizes the sarcasm.

Ledger is no longer a recommended hardware wallet, i don't know if they can even be called a hardware wallet anymore, they are now more like a custodial or an exchange wallet. The crazy thing is many people with bad operational security will opt into this thinking it is an extra layer of security for their funds, when they no longer own their keys. Roll Eyes

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Z-tight on May 19, 2023, 09:27:20 AM

- Save your private keys and seed phrase online, in your email or in cloud.

There are no problems with that as long as you pay a monthly fee for that pleasure. Just ask Ledger and Safepal. It's very safe sending and storing your seed in clouds and on the servers of 3rd-party companies. You also enjoy the added benefit of possibly getting your crypto possessed, stolen, or the data leaked. I hope everyone recognizes the sarcasm.

I think this gem is fitting:

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: Agbe on May 17, 2023, 05:15:10 PM

W normally tell people to use Open Source wallets preferable Electrum, Wasabi others. Well sorry for your lost, since the owners of the wallet app said, they can't do anything then your coins are gone. Coinomi supposed know how the coins move from the wallet to another wallet. Something phishing is here.

Open source wallets are the most recommended because we can verify their codes, but you can surely lose your funds in open source wallets if you have bad operational security, they are not safe in and of themselves. If your funds is stolen and moved to another address, everyone can see the address the funds moved to, including you, not just only your wallet software developers, but BTC transactions are irreversible, identifying the address the funds moved to cannot help you recover it.

Quote from: Agbe on May 17, 2023, 05:15:10 PM

Op. Said he has the keys with him and the password is in head so how come the wallet was hacked? Is it that the hackers used software to hacked the wallet. And if it is like that then Coinomi wallet is not secure to use and recommend to others. This is very sad news because your old age with your wife savings were there and have been hacked by the negligent of Coinomi company because their app or website is not well secured.

Even if your funds is in an open or closed source wallet and you have your keys, you funds can be stolen if you do these things and many more:
- Download or run a fake wallet file
- Expose your private key or seed phrase
- Run your wallet file in an online device
- If you have bad operational security
- Click on dangerous and scam links
- Save your private keys and seed phrase online, in your email or in cloud.

Agbe

hero member

Activity: 854

Merit: 1246

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The wallet was drained on Feb 14th. The password was in my head not on paper. The seed phrase was on paper in a safe which only I have access to. Coinomi denies all responsibility and basically says too bad so sad. My wife and I are retired, the wallet held our "safe" retirement cash savings. Stay away from this wallet.

W normally tell people to use Open Source wallets preferable Electrum, Wasabi others. Well sorry for your lost, since the owners of the wallet app said, they can't do anything then your coins are gone. Coinomi supposed know how the coins move from the wallet to another wallet. Something phishing is here. Op. Said he has the keys with him and the password is in head so how come the wallet was hacked? Is it that the hackers used software to hacked the wallet. And if it is like that then Coinomi wallet is not secure to use and recommend to others. This is very sad news because your old age with your wife savings were there and have been hacked by the negligent of Coinomi company because their app or website is not well secured.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: rby on May 16, 2023, 02:13:10 PM

Very good way to trace a discrepancy in your wallet. But I have a concern, if the allegations that the developers behind a closed source wallets manipulate is real. Will it not be easy for them to wipe the transaction history from the wallet. Then, the victim won't have any link to the blockchain immutable ledger to verify.

Manipulating the native software is possible, but they can't manipulate a decentralized database and a 3rd-party blockchain explorer. If you know your addresses, you have ways to check your balances. If your wallet shows you have X of BTC on address A, you can always confirm that on the blockchain. The native software can lie about what you have, but the blockchain data tells the truth.

rby

hero member

Activity: 742

Merit: 611

Brotherhood is love

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The wallet was drained on Feb 14th.

What a poor coincidence? A day meant for love turned to grief. Take heart.

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The password was in my head not on paper. The seed phrase was on paper in a safe which only I have access to.

I have a couple of passwords in my head, very strong and I cannot forget unless I have a brain issue in the future (not anticipating though). But the disadvantage is that I tend to repeat same password for different purposes which is bad. If it leaks in one platform, you'll become a 360deg victim. A password manager is cool.

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

Coinomi denies all responsibility and basically says too bad so sad.

I do not think that it's from the end of Coinomi. You didn't mention how you access your wallet, maybe from an insecure device, using public network, et

Quote from: Pmalek on May 15, 2023, 02:16:26 AM

Whenever there is a discrepancy, the first thing you do is to check the transaction history. Look for outgoing transactions you didn't make. If the software reports that it's up-to-date and the transaction history is ok, then check your address/addresses on blockchain explorers. Again, if there is nothing unusual there and it doesn't show unknown transactions, you can safely say there is something wrong with your wallet.

Very good way to trace a discrepancy in your wallet. But I have a concern, if the allegations that the developers behind a closed source wallets manipulate is real. Will it not be easy for them to wipe the transaction history from the wallet. Then, the victim won't have any link to the blockchain immutable ledger to verify.

rat03gopoh

hero member

Activity: 2002

Merit: 633

Your keys, your responsibility

Quote from: Artytom on May 14, 2023, 02:28:44 PM

I thought the same thing had happened to my eth in my coinomi wallet but resetting the app cache and restarting then loading the eth coin restored it.

It is impossible to recover crypto sent to an address other than yours, or you actually wanna say that the balance is just not reflected correctly so your case is different from the OP's.
But in essence, you're not recommended to keep using the Coinomi wallet if you read some of the facts above.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

Quote from: Artytom on May 14, 2023, 02:28:44 PM

I thought the same thing had happened to my eth in my coinomi wallet but resetting the app cache and restarting then loading the eth coin restored it.

Whenever there is a discrepancy, the first thing you do is to check the transaction history. Look for outgoing transactions you didn't make. If the software reports that it's up-to-date and the transaction history is ok, then check your address/addresses on blockchain explorers. Again, if there is nothing unusual there and it doesn't show unknown transactions, you can safely say there is something wrong with your wallet.

Artytom

newbie

Activity: 6

Merit: 2

I thought the same thing had happened to my eth in my coinomi wallet but resetting the app cache and restarting then loading the eth coin restored it.

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: DaveF on April 27, 2023, 12:06:40 PM

IMO Coinomi has gone from an active project to a 'side hobby' of whoever is maintains it.
Their social media is just about dead. XMR and other coins are having issues and a few other minor things come to mind.

Fading activity and interest of the owners of the project could be seen as a negative sign since they could have reached the conclusion that this project is not going to make them the money they were hoping for. The risky part is that they could decide to "run away" but not before stealing some money from their users.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: bettercrypto on April 26, 2023, 11:44:17 AM

It's sad that there has been theft of assets from other communities here in the crypto space. Both of you are retired and then the same thing happened.

As far as I know, this coinomi does not provide the latest updates on their social media platforms. Their last announcement on twitter was in April 2022, after these times they have not given any latest plan and development for the community of coinomi and there are many users complaining about it.

IMO Coinomi has gone from an active project to a 'side hobby' of whoever is maintains it.
Their social media is just about dead. XMR and other coins are having issues and a few other minor things come to mind.

This is not to say it's any less safe then it was or worse then any other closed source hot wallet, just that it's not as actively supported as it once was.
The flip side is that there are some actively supported wallets that do suck so there is that......

Just as people have issues it looks like it's going to fall more on the community to support them then Coinomi.

-Dave

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: virasog on April 25, 2023, 06:59:39 PM

I never advise newbies or recommend them to use centralized wallets or exchanges. The only thing i am saying is that they should educate themselves on how to secure the seed phrases before storing their crypto in wallets like Electrum. Yes, the process is easy to learn but there may be some who may never want to learn. Sad

I get the thing you are saying now, but i don't think they should educate themselves by depositing their money into centralized exchanges and leaving it there for the period of learning, they may lose it before they learn anything. Newbies can start directly with Electrum, it is easier to use and set up that registering on a centralized exchange and giving them your kyc documents, so Electrum is a good start, and i think everyone knows how to hide something, so with good opsec they will keep their seed phrase safe, and afterwards they can start learning things like how to set up a wallet in an air-gapped way and how to use a hardware wallet, etc.

bettercrypto

sr. member

Activity: 1316

Merit: 268

★Bitvest.io★ Play Plinko or Invest!

It's sad that there has been theft of assets from other communities here in the crypto space. Both of you are retired and then the same thing happened.

As far as I know, this coinomi does not provide the latest updates on their social media platforms. Their last announcement on twitter was in April 2022, after these times they have not given any latest plan and development for the community of coinomi and there are many users complaining about it.

Aikidoka

sr. member

Activity: 1078

Merit: 342

Sinbad Mixer: Mix Your BTC Quickly

Quote from: virasog on April 25, 2023, 06:59:39 PM

I never advise newbies or recommend them to use centralized wallets or exchanges. The only thing i am saying is that they should educate themselves on how to secure the seed phrases before storing their crypto in wallets like Electrum. Yes, the process is easy to learn but there may be some who may never want to learn. Sad

It's true that many newbies do not take security as a serious deal and no joke about it, but it's actually one of the most important aspects to consider when creating a Bitcoin wallet. It's crucial to think carefully about how to secure your seed phrase, private keys, and passwords from potential hackers. I would not recommend trusting any centralized hot wallet, but instead I'll suggest at least to create an open-source wallet like Electrum. It would be even better to use a hardware wallet or make your electrum wallet air-gapped, which is impossible to hack online, but only just physically.

Unfortunately, many people only learn about the importance of security after experiencing a loss or hack Sad

. It's essential to prioritize security when dealing with Bitcoin, rather than focusing solely on earning more BTC.

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: virasog on April 25, 2023, 06:59:39 PM

The reason i said this because newbies are well aware and used to access the websites which are accessed by passwords only. You can see the OP example where he loses the funds from Coinomi wallet and it is most probably because he was not able to safe guard his private seed (though he do not admit his mistake)

That makes more sense. Although I still wouldn't call it "the best" but I can see the benefit of using a custodial account for certain types of people who have a hard time using things that are different. But only as long as they see it as the transitional wallet, something they use first but are planning on moving on from it to a better solution.

virasog

legendary

Activity: 2954

Merit: 1159

Quote from: pooya87 on April 20, 2023, 01:36:31 AM

Quote from: virasog on April 18, 2023, 07:31:55 PM

The best bet for the Newbies is to use a centralized exchange and / or centralized wallet which is controlled by the password and 2fa.

People should never sacrifice security for convenience even newbies. The centralized exchanges and in general all custodian accounts are very risky to use regardless of how convenient they may look like. There are countless cases of exchanges being hacked, accounts being shut down for no reason, exchanges scamming their users and running away, etc. No amount of password and 2FA can save you from it.

The reason i said this because newbies are well aware and used to access the websites which are accessed by passwords only. You can see the OP example where he loses the funds from Coinomi wallet and it is most probably because he was not able to safe guard his private seed (though he do not admit his mistake)

Quote from: Z-tight on April 20, 2023, 04:18:00 AM

Quote from: virasog on April 18, 2023, 07:31:55 PM

The best bet for the Newbies is to use a centralized exchange and / or centralized wallet which is controlled by the password and 2fa. Newbies know this stuff and until they learn about the seed phrases, wallets, and stuff the best option would be the centralized wallets.

No, this is not a recommended advice to give to newbies, if newbies start storing their funds in a centralized exchange, it will be hard for them to stop it, and before you know it they could have a large amount of funds stored in a centralized exchange, which is not safe for them, centralized exchanges gamble with users money, they can be hacked or they can even confiscate users funds without any notice. Newbies can start with a wallet like Electrum, it is so easy to use and they will have their seed phrase, though it is a hot wallet, but with time they will learn how to set up and use an airgapped computer in a safe enviroment or use a hardware wallet easily.

I never advise newbies or recommend them to use centralized wallets or exchanges. The only thing i am saying is that they should educate themselves on how to secure the seed phrases before storing their crypto in wallets like Electrum. Yes, the process is easy to learn but there may be some who may never want to learn. Sad

Z-tight

hero member

Activity: 854

Merit: 1031

Only BTC

Quote from: virasog on April 18, 2023, 07:31:55 PM

The best bet for the Newbies is to use a centralized exchange and / or centralized wallet which is controlled by the password and 2fa. Newbies know this stuff and until they learn about the seed phrases, wallets, and stuff the best option would be the centralized wallets.

No, this is not a recommended advice to give to newbies, if newbies start storing their funds in a centralized exchange, it will be hard for them to stop it, and before you know it they could have a large amount of funds stored in a centralized exchange, which is not safe for them, centralized exchanges gamble with users money, they can be hacked or they can even confiscate users funds without any notice. Newbies can start with a wallet like Electrum, it is so easy to use and they will have their seed phrase, though it is a hot wallet, but with time they will learn how to set up and use an airgapped computer in a safe enviroment or use a hardware wallet easily.

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: virasog on April 18, 2023, 07:31:55 PM

The best bet for the Newbies is to use a centralized exchange and / or centralized wallet which is controlled by the password and 2fa.

People should never sacrifice security for convenience even newbies. The centralized exchanges and in general all custodian accounts are very risky to use regardless of how convenient they may look like. There are countless cases of exchanges being hacked, accounts being shut down for no reason, exchanges scamming their users and running away, etc. No amount of password and 2FA can save you from it.

Topic: Coinomi wallet hacked, all funds stolen (Read 915 times)