Coinomi wallet hacked, all funds stolen - page 3.

Agbe

hero member

Activity: 854

Merit: 1246

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The wallet was drained on Feb 14th. The password was in my head not on paper. The seed phrase was on paper in a safe which only I have access to. Coinomi denies all responsibility and basically says too bad so sad. My wife and I are retired, the wallet held our "safe" retirement cash savings. Stay away from this wallet.

Op did you login your wallet in another person's device which you forgot to logout? Even though coinomi is a close source wallet I don't think they took your Coins back to themselves but I am suspecting someone very close bto you did it. Normally wallet password is always in the brain and it is not written down on paper except the seed phrase which is very long to memorize. I believed it was your carelessness make the person to transfer the coins to his or her wallet.
I have heard such similar story ina family, a boy took his mom phone and transfer $20 to his account and delete the debit alert from the mother's phone so that she would not know that he took the money from her account, and finally he was caught on other times. So I am trying to also think from that angle too that someone you know might have used your device to do the transfer and returned or dropped it the way it was so you wouldn't notice.

virasog

legendary

Activity: 2954

Merit: 1159

Quote from: hosseinimr93 on March 06, 2023, 09:43:14 AM

Coinomi is a close-source wallet and we don't know how the keys are generated and whether they have access to users keys or not.
Take note that this doesn't mean they have definitely stolen you fund. There can be many other reasons.

1. It's possible that you used a weak password and someone was able to brute-force it.
2. It's possible that someone had access to your seed phrase.
3. It's possible that your device was compromised.

Even if they have stolen your fund, it's still your own fault. Because you used a close-source wallet.

Do you think coinomi themselves stole these funds because it is closed source and they can get access to keys or anything ?

The coinomi wallet is being used by so many people and they have a name in the market. They would not stole people funds, as if they do, they will have a bad reputation and people will stop using this wallet.

Another argument can be that they stole from this one wallet which may have contain billion or trilions of dollars, i don't think anyone's retirement saving can be something so big that coinomi decided to scam. I guess there may be fault at the OP end which made him lose all his money.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: pooya87 on March 12, 2023, 12:44:42 AM

Quote from: doomloop on March 10, 2023, 03:49:09 AM

Regarding Coinomi, it's not uncommon for wallet providers to disclaim responsibility for lost funds, especially if the funds were not stolen due to a flaw in the wallet software or the company's infrastructure. So what they said is all they can do actually.

That only works for open source software that is released under certain licenses such as MIT that ensures the developers aren't liable for any "damages". But for a closed source software that we can't even verify where the vulnerability was that led to the loss, it should not work although the companies behind them will make it work.

Actually it's in the ToS that nobody reads. And stated a few other times & places. More or less it boils down to 'we are not responsible for anything' and although not with Coinomi specifically similar ToS it have made it though the courts in a few places and so long as it was not hidden and mentioned several times it's been upheld. Nobody is making you closed source software with an iffy reputation. Nobody is making you not use a hardware wallet / multisig wallet. Nobody is forcing you to store your funds in a hot wallet. And so on.

Perhaps a bit harsh, but in the end it's what it comes down to.

-Dave

pooya87

legendary

Activity: 3444

Merit: 10537

Quote from: doomloop on March 10, 2023, 03:49:09 AM

Regarding Coinomi, it's not uncommon for wallet providers to disclaim responsibility for lost funds, especially if the funds were not stolen due to a flaw in the wallet software or the company's infrastructure. So what they said is all they can do actually.

That only works for open source software that is released under certain licenses such as MIT that ensures the developers aren't liable for any "damages". But for a closed source software that we can't even verify where the vulnerability was that led to the loss, it should not work although the companies behind them will make it work.

bettercrypto

sr. member

Activity: 1316

Merit: 268

★Bitvest.io★ Play Plinko or Invest!

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The wallet was drained on Feb 14th. The password was in my head not on paper. The seed phrase was on paper in a safe which only I have access to. Coinomi denies all responsibility and basically says too bad so sad. My wife and I are retired, the wallet held our "safe" retirement cash savings. Stay away from this wallet.

It's sad what happened to you, as everything in your coinomi wallet was drained? How long have you been using that wallet? Are you new to coinomi?

in that situation, it's a bit stressful on your part, since you're retired, that means you're old enough, I hope you're okay after things like that happen to you, I also hope that if you save crypto, it's good to just buy a hardware wallet or use you of Electrum wallet.

doomloop

hero member

Activity: 2268

Merit: 581

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The wallet was drained on Feb 14th. The password was in my head not on paper. The seed phrase was on paper in a safe which only I have access to. Coinomi denies all responsibility and basically says too bad so sad. My wife and I are retired, the wallet held our "safe" retirement cash savings. Stay away from this wallet.

I'm sorry to hear about your loss, I can understand how stressful and saddening that can be.

Regarding Coinomi, it's not uncommon for wallet providers to disclaim responsibility for lost funds, especially if the funds were not stolen due to a flaw in the wallet software or the company's infrastructure. So what they said is all they can do actually.

You need to always do your due diligence and research a wallet provider before trusting them with your funds. Look for wallets that have a proven track record of security and have been audited by third-party security experts. Also, consider using hardware wallets, which are generally considered to be more secure than software wallets, as they store your private keys offline.

taufik123

legendary

Activity: 2464

Merit: 1703

airbet.io

Quote from: Lucius on March 08, 2023, 07:56:18 AM

I probably have some coins in old Electrum wallets, but regardless of caution and premium AV protection and the fact that I do not use the computer for any risky activities, I would still not recommend anyone who has a choice to keep more than what they are ready to lose in any hot wallet. We are aware of some dangers such as clipboard malware or fake wallets, but the bad guys who try to steal our coins never sleep and we can never know when they will find some vulnerability in Windows OS or Electrum itself.

The danger of malware is always lurking when the device is used for activities on the internet.
But for the use of the electrum wallet on the device that I use, it is only a second wallet or wallet to receive payments from signature campaigns and some other payments, not a main wallet.

I am aware that Electrum's vulnerability also depends on how we use the device.
I also always separate the Seed wallet from the device used and the storage I use for Offline seeds is not connected to any internet and also in physical form.

Pmalek

legendary

Activity: 2730

Merit: 7065

Farewell, Leo. You will be missed!

A lot of more information could have been added to the OP.

- Was it Coinomi mobile or the desktop version?
- What activities is the device with the wallet used for?
- You said you were retired. Can we assume you are +60? How good are you with general online security, and do you know how to protect yourself?

Quote from: Justtoons on March 06, 2023, 09:54:18 AM

But did you keep your seed phrase in a safe location, how sure are you that only you have access to it.

The questions were already answered in the OP. He/she said that the seed is kept in a safe and only OP can access it.

Quote from: Justtoons on March 06, 2023, 09:54:18 AM

My advice is that you should create a new wallet and this time use a much stronger password.

I hope you don't mean a new wallet on Coinomi. I wouldn't use any software wallet for money I consider my "retirement funds". Go for a quality hardware wallet or an airgapped system. Sadly, it's too late to do anything about it for OP regarding the coins that disappeared.

Quote from: taufik123 on March 06, 2023, 11:10:00 AM

and Electrum is the answer, more secure and free and Open Source.

That depends on how you use it. The mobile app or Electrum on desktop as hot wallet are still vulnerable software wallets. Its open-source nature isn't going to protect you from getting hacked if you make a serious mistake. However, Electrum as a cold wallet is one of the best options there are.

Lucius

legendary

Activity: 3220

Merit: 5634

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: taufik123 on March 07, 2023, 09:47:02 PM

I keep some assets in Electrum Windows and it's still safe, as long as users can keep themselves safe and use premium antivirus protection.

I probably have some coins in old Electrum wallets, but regardless of caution and premium AV protection and the fact that I do not use the computer for any risky activities, I would still not recommend anyone who has a choice to keep more than what they are ready to lose in any hot wallet. We are aware of some dangers such as clipboard malware or fake wallets, but the bad guys who try to steal our coins never sleep and we can never know when they will find some vulnerability in Windows OS or Electrum itself.

taufik123

legendary

Activity: 2464

Merit: 1703

airbet.io

Quote from: NotATether on March 07, 2023, 02:56:44 AM

Why are people with thousands of dollars in cryptocurrency still chasing airdrops that will only give you $5 dollars. Is it really worth the risk (let alone the gigantic waste of time it is)?

If you ask why are people with thousands of dollars in cryptocurrency still chasing airdrops? The answer is of course because some airdrops provide sizable incentives. Airdrops don't just do tasks share, like and fill out assignments and get a $5 reward.

Currently, some of the airdrops are quite hidden, those who try Tesnet on a new network, try a new platform, and make some transactions have a chance to get an airdrop for early adopters. We all already know about the UNISWAP, 1INCH, ENS airdrops, and several new airdrops for NFT users, namely BLUR, they get thousands or even hundreds of thousands of dollars from the airdrop.

For those who don't understand how to get the jackpot on multiple airdrops it might seem like a waste of time, but they do some research first. Because many of my friends (including me) get several airdrops that can replace all the gas fees used for conducting trials etc.

Quote from: NotATether on March 07, 2023, 02:56:44 AM

Don't store any cryptocurrency on Windows. Not even Linux if it is running inside a Windows host.

I keep some assets in Electrum Windows and it's still safe, as long as users can keep themselves safe and use premium antivirus protection.
I also use Hardware Wallet as the main storage and it is not connected to other devices.

gunhell16

sr. member

Activity: 1666

Merit: 453

Based on what I discovered here at coinomi, although it has been around for a long time in the crypto space, it seems that there have been many issues with these wallet apps that have not solved the problems of their users.

According to the Trustpilot review, the latest negative feedback here was only last February 2023, and even every month of the last year 2022, coinomi has issues with its users from January to December, no issues have been resolved and those that are not beautiful and can be a reason for anyone to stop using it in this community.

Coinomi Unresolved issues

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: NotATether on March 07, 2023, 02:56:44 AM

Don't store any cryptocurrency on Windows. Not even Linux if it is running inside a Windows host.

How about this instead:

Don't store any cryptocurrency that you cannot afford to loose on ~~Windows~~ ANY DEVICE CONNECTED TO THE INTERNET WITHOUT A HARDWARE WALLET. Not even Linux ~~if it is running inside a Windows host~~ is secure against everything and if you do something wrong because you were not fully paying attention since you have done it a hundred times before, no matter how secure you think you are your crypto is gone.

Telling people to use this OS vs that may help in the desktop environment, but it still comes down to the user.

If you are not familiar with linux / windows / mac OS an older un-patched un-secured version of an OS you know may actually be more secure then one you don't since you are not trying to figure something out while trying to move money around.

-Dave

Ben Barubal

member

Activity: 476

Merit: 16

Eloncoin.org - Mars, here we come!

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The wallet was drained on Feb 14th. The password was in my head not on paper. The seed phrase was on paper in a safe which only I have access to. Coinomi denies all responsibility and basically says too bad so sad. My wife and I are retired, the wallet held our "safe" retirement cash savings. Stay away from this wallet.

What was your issue with coinomi? apart from the fact that your assets were drained on February 14 2023? You didn't recover it? have you reported this to coinomi support? As far as I know, this coinomi has been around for a long time.

But I think there are a lot of people complaining here at coinomi because last year there were a lot of people who used this app and most of them didn't get their assets out and others made deposits but what they deposited didn't arrive at the address they gave. And the other is that the support does not even care about the concern issues of its users.

rat03gopoh

hero member

Activity: 2002

Merit: 633

Your keys, your responsibility

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The password was in my head not on paper.

Is that a series of words that are easy to guess? Then it's useless. Btw, the seed phrase can also be seen on the settings page right? simply use a password to access it (or biometrics if you enable it). As I recall, Android devices can add multiple biometric IDs. If in fact there is other IDs on your device, I don't think you need to suspect it's a malware attack, wallet vulnerability, or other online attacks.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: taufik123 on March 06, 2023, 11:10:00 AM

Apart from that, other methods such as phishing dApps pages are usually found in several airdrops which require connecting using dApps and finally the hacker has control over the wallet. To be able to overcome these hacking attempts, you can Revoke several suspected dApps.
https://study.bitkeep.com/en/?ht_kb=dapp-authorization-scam

Why are people with thousands of dollars in cryptocurrency still chasing airdrops that will only give you $5 dollars. Is it really worth the risk (let alone the gigantic waste of time it is)?

PS.

Don't store any cryptocurrency on Windows. Not even Linux if it is running inside a Windows host.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The wallet was drained on Feb 14th. The password was in my head not on paper. The seed phrase was on paper in a safe which only I have access to. Coinomi denies all responsibility and basically says too bad so sad. My wife and I are retired, the wallet held our "safe" retirement cash savings. Stay away from this wallet.

Sorry, but this is ultimately your own fault, this is a hot wallet and there is always a risk that something gets leaked if you are not careful.
I bet if I scanned your device used for installing Coinomi (probably with wInD0ws OS) that I would find several malware, or software that records what you type.
That is why people invented hardware wallets and that is why they are using airgapped devices.
On top of everything, Copinomi is closed source software, it's mistake using closed source Bitcoin wallets.

Rigon

sr. member

Activity: 994

Merit: 441

Op are you sure that your seed phrase was very safe? I don't think so. Maybe someone stole from you. Which you don't think at all. I have never used the wallet you used. But why did you set such a weak wallet for your hard earned money. You should better choose a secure wallet and keep your funds there. This case of yours seems really sad to me.

DaveF

legendary

Activity: 3458

Merit: 6231

Crypto Swap Exchange

Quote from: hosseinimr93 on March 06, 2023, 10:34:21 AM

Quote from: S A KHAIR on March 06, 2023, 10:26:21 AM

It's hard to tell if it's their fault or yours,

It's OP's fault.
Even if there was a vulnerability or a backdoor caused OP to lose the fund, it's still OP's fault that he/she used a close-source wallet while there are many good open-source wallets.

Closed / open does not matter when you get to the fact that crypto was stored in an online hot wallet.
As I have said dozens of times. I use Coinomi on my phone, I know it's unsafe. But, on that note so is electrum on my phone, and desktop because wait for it.....it's a hot wallet on an internet connected device.

Any real funds are stored offline and secured with hardware.

-Dave

Lucius

legendary

Activity: 3220

Merit: 5634

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The wallet was drained on Feb 14th.

Then you didn't really have a happy Valentine's Day - but someone else obviously had a smile on their face...

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

The password was in my head not on paper. The seed phrase was on paper in a safe which only I have access to.

Has the password ever been written down on paper or anywhere online? In any case, keeping such information in your head is a bad option, not only because you can forget it naturally, but also because of a possible head injury. Are you sure only you had access to the safe?

Quote from: Bud1951 on March 06, 2023, 09:28:09 AM

Coinomi denies all responsibility and basically says too bad so sad. My wife and I are retired, the wallet held our "safe" retirement cash savings. Stay away from this wallet.

What else do you expect them to say? No matter how much you think it's the wallet's fault, it's hardly an inside job - because if there was any vulnerability, hundreds or even thousands of wallets would be emptied. No matter how you look at it, you and your wife should have been much smarter and informed yourself first, and if you had done that, maybe this wouldn't have happened.

taufik123

legendary

Activity: 2464

Merit: 1703

airbet.io

Quote from: mk4 on March 06, 2023, 09:46:49 AM

The thing with software wallets is that there's always a chance of a private key leak simply due to the fact that your wallet's private keys were generated through your computer/mobile device. And add the fact that it's closed source? We have no idea how secure the wallet app is.

Private key leak due to user negligence and the device used is infected with malware or trapped on a phishing website which requires entering the private key. Quite often such hacks happen, even I also get a lot of spam emails that redirect to phishing websites.

and what becomes even more dangerous is when the address or wallet that we have is exposed to a dusting attack and has been marked and sent with several foreign coins that cannot be traded.
https://en.wikipedia.org/wiki/Dusting_attack

Apart from that, other methods such as phishing dApps pages are usually found in several airdrops which require connecting using dApps and finally the hacker has control over the wallet. To be able to overcome these hacking attempts, you can Revoke several suspected dApps.
https://study.bitkeep.com/en/?ht_kb=dapp-authorization-scam

Quote from: mk4 on March 06, 2023, 09:46:49 AM

Next time, grab a hardware wallet.

Highly recommended, but choose a hardware wallet that is really suitable because there are currently various types of hardware wallets available.

Quote from: hosseinimr93 on March 06, 2023, 10:00:39 AM

No. OP shouldn't use Coinomi anymore and should go for an open-source wallet.
As I already said, coinomi is close-source and even if you use a strong password, there is no guarantee that your wallet is safe.

and Electrum is the answer, more secure and free and Open Source.
If really want to use a Multi-Wallet, then the last, safest choice is a Hardware wallet

Quote from: hosseinimr93 on March 06, 2023, 10:00:39 AM

It may worth mentioning that even if you use a trustworthy open-source wallet an an online device, your fund isn't still completely secure. Any online device is prone to hacking.

Every online device will still have the risk of hacking.
Besides that, the user's vigilance and how he keeps his wallet safe also matter.
No matter how secure the user is, the loss of assets may occur.

Topic: Coinomi wallet hacked, all funds stolen - page 3. (Read 915 times)