Topic: Coinomi Wallet - Looking For Honest Reviews (Read 1456 times)
Coinomi and OWNR are two closed-source wallets I trust. I like that Coinomi is user-friendly and supports a lot of altcoins.
Further to that, and unlike what was written on media, nothing was transmitted in plain text [...]
I never claimed it was transmitted in plain text.
But you seem to miss the point here.
You (@Coinomi) made a statement regarding the vulnerability:
[...] We don't believe that any side claims that the seed was sent in plain text, the "victim" (aka blackmailer) has always claimed that his seed was sent encrypted to Google and then a Google employee used it to steal his funds. We have millions of users but only his funds was stolen - and stolen by Google. We expect people on this forum to be smarter than that. And yes, you can verify that everything was broadcasted over HTTPS, just ask the "researchers" who made a case out of it in the first place to send you a copy of the wallet executable, install it on a sandbox and run a packet sniffer to see for yourself.
I don't understand how you can expect people to believe you are competent when there are such statements, justifying themselves by saying ".. oh hey at least it was encrypted".
You obviously did not understand how severe that vulnerability was and that google is not the only actor who can abuse that vulnerability to steal funds.
The arrogance and incompetence paired with the fact that the wallet is closed source is a huge red flag.
Hi @Brenny_Coinomi, since you are Coinomi's rep who's active here. I have a question about your wallet upgrade. I updated the coinomi android wallet after a long time of not updating it but as I was trying to log in with my fingerprint. A window pops up asking me to upgrade my wallet.
It says
"Your wallet needs to be upgraded to support new cryptographic functionality
(Optional) BIP39 passphrase
________________________________"
My question is
1. Which new cryptographic functionality are we talking about?
2. Why is there need to enter the BIP39 passphrase?
It says
"Your wallet needs to be upgraded to support new cryptographic functionality
(Optional) BIP39 passphrase
________________________________"
My question is
1. Which new cryptographic functionality are we talking about?
2. Why is there need to enter the BIP39 passphrase?
The new functions are new cryptographic curves used by some coins. If your wallet doesn't have a BIP39 passphrase, you should leave the field empty. The BIP39 is needed because to create the required keys for these new curves, it needs the root master key of your wallet. For security, the BIP39 isn't saved anywhere in your device's memory, so it needs to be provided again.
Hi @Brenny_Coinomi, since you are Coinomi's rep who's active here. I have a question about your wallet upgrade. I updated the coinomi android wallet after a long time of not updating it but as I was trying to log in with my fingerprint. A window pops up asking me to upgrade my wallet.
It says
"Your wallet needs to be upgraded to support new cryptographic functionality
(Optional) BIP39 passphrase
________________________________"
My question is
1. Which new cryptographic functionality are we talking about?
2. Why is there need to enter the BIP39 passphrase?
It says
"Your wallet needs to be upgraded to support new cryptographic functionality
(Optional) BIP39 passphrase
________________________________"
My question is
1. Which new cryptographic functionality are we talking about?
2. Why is there need to enter the BIP39 passphrase?
I bought some USDC and sent them to my Coinomi wallet, but they have never appear on the wallet. I have no way to use them, despite I can still see them on the Etherscan.
Hi, We're having a refresh problem with ETH, so new transactions aren't appearing at the moment. Once resolved, every transaction will appear automatically in the app and balances will update. Apologies for the inconvenience. If you must send your coins immediately, you can link your address to MyEtherWallet and make the transaction from there. Instructions can be found here: https://coinomi.freshdesk.com/support/solutions/articles/29000016910-linking-to-myetherwallet-mew-
Coinomi has quite a few problems. And one of them is the fact that the developers are pretty incompetent.
I hope you can fix your issue somehow. It might be just a connection error, can you confirm that you actually have an active connection and the up-to-date version?
After you gained access, you might want to user a proper open-source wallet, and not a wallet whose developer think its not a severe vulnerability to spell-check your mnemonic code with the use of google.
I'd definitely suggest you to not use coinomi after fixing your issue.
I hope you can fix your issue somehow. It might be just a connection error, can you confirm that you actually have an active connection and the up-to-date version?
After you gained access, you might want to user a proper open-source wallet, and not a wallet whose developer think its not a severe vulnerability to spell-check your mnemonic code with the use of google.
I'd definitely suggest you to not use coinomi after fixing your issue.
To elaborate on your reply above, we now have solid evidence that AW money being referred to was stolen by a group of hackers who were active before we even published the first version of the desktop software with the problematic code you mentioned. The detailed report can be found here: https://medium.com/@cipherblade/how-not-to-react-when-your-cryptocurrency-is-stolen-92f7c72616af. Further to that, and unlike what was written on media, nothing was transmitted in plain text and no user ever lost money by this bug or by using Coinomi since its inception back in 2014. We strongly advise you to double-check the facts behind a story before reproducing it because all we've ever done all these years was to support the crypto community and help spread the message around the globe and now we need your support. To contribute to your original reply, there are several "proper open-source wallets" that were hacked or had serious bugs that resulted in permanent loss of funds, something that never happened with Coinomi.
Even with the mentions of Coinomi developers incompetence it is a widely used wallet. For some reason or other I never used it, I think I might have downloaded it around the time I started this thread but I was never very comfortable with it but I could never put my finger on it, I would cite it as a gut feeling.
I do think that with other options out there your advice about not using Coinomi after his issue is resolved is correct, if someone had a bad experience with a wallet then better to move on but only with caution and after carrying out lots of research.
Coinomi has quite a few problems. And one of them is the fact that the developers are pretty incompetent.
I hope you can fix your issue somehow. It might be just a connection error, can you confirm that you actually have an active connection and the up-to-date version?
After you gained access, you might want to user a proper open-source wallet, and not a wallet whose developer think its not a severe vulnerability to spell-check your mnemonic code with the use of google.
I'd definitely suggest you to not use coinomi after fixing your issue.
I do think that with other options out there your advice about not using Coinomi after his issue is resolved is correct, if someone had a bad experience with a wallet then better to move on but only with caution and after carrying out lots of research.
I bought some USDC and sent them to my Coinomi wallet, but they have never appear on the wallet. I have no way to use them, despite I can still see them on the Etherscan.
Coinomi has quite a few problems. And one of them is the fact that the developers are pretty incompetent.
I hope you can fix your issue somehow. It might be just a connection error, can you confirm that you actually have an active connection and the up-to-date version?
After you gained access, you might want to user a proper open-source wallet, and not a wallet whose developer think its not a severe vulnerability to spell-check your mnemonic code with the use of google.
I'd definitely suggest you to not use coinomi after fixing your issue.
I bought some USDC and sent them to my Coinomi wallet, but they have never appear on the wallet. I have no way to use them, despite I can still see them on the Etherscan.
Coinomi has quite a few problems. And one of them is the fact that the developers are pretty incompetent.
I hope you can fix your issue somehow. It might be just a connection error, can you confirm that you actually have an active connection and the up-to-date version?
After you gained access, you might want to user a proper open-source wallet, and not a wallet whose developer think its not a severe vulnerability to spell-check your mnemonic code with the use of google.
I'd definitely suggest you to not use coinomi after fixing your issue.
I bought some USDC and sent them to my Coinomi wallet, but they have never appear on the wallet. I have no way to use them, despite I can still see them on the Etherscan.
Are you using the mobile wallet or desktop wallet?Is your wallet fully sncyed?
From the information I can see, the support USDC. If the problem persists, try contacting their support - https://coinomi.freshdesk.com/support/home
I bought some USDC and sent them to my Coinomi wallet, but they have never appear on the wallet. I have no way to use them, despite I can still see them on the Etherscan.
I ask about coinomi because i still yet to claim my bitcoin gold...
ANY wallet on a phone that you do not think is secure IS NOT SECURE
There is no security you can use other then a separate hardware device to make it secure if the phone has been compromised.
If you do not think your phone is safe do not store any more crypto on it then can afford to loose.
-Dave
There is no security you can use other then a separate hardware device to make it secure if the phone has been compromised.
If you do not think your phone is safe do not store any more crypto on it then can afford to loose.
-Dave
The advantage is convenience.
I have the majority of my BTC in cold storage x of y multisig with a password.
I have some "warm" in a hardware wallet.
I have my day to day spending in a multicoin wallet on my phone. I know the risk.
Same way. I have most of my fiat sitting in a bank.
I have some of it locked away in a fireproof safe @ home
I have my day to day spending in the wallet I carrry with me.
YMMV on what the amounts are for each type of storage are good for you. But if you want to send someone $20 in crypto, do you really want to deal with a hardware wallet that you have to carry with you, or do you want to whip out your phone, scan a QR code, and go.
-Dave
I have the majority of my BTC in cold storage x of y multisig with a password.
I have some "warm" in a hardware wallet.
I have my day to day spending in a multicoin wallet on my phone. I know the risk.
Same way. I have most of my fiat sitting in a bank.
I have some of it locked away in a fireproof safe @ home
I have my day to day spending in the wallet I carrry with me.
YMMV on what the amounts are for each type of storage are good for you. But if you want to send someone $20 in crypto, do you really want to deal with a hardware wallet that you have to carry with you, or do you want to whip out your phone, scan a QR code, and go.
-Dave
I agree with thiose both statements.
I like to use this "metric" when using mobile wallets:
Never put more money in a mobile wallet than the value of your smartphone.
Hard to argue with that view. Simply do not keep crypto on your phone unless it is absolutely necessary and only what you are prepared to lose.
ANY wallet on a phone that you do not think is secure IS NOT SECURE
There is no security you can use other then a separate hardware device to make it secure if the phone has been compromised.
If you do not think your phone is safe do not store any more crypto on it then can afford to loose.
-Dave
Is there any risk of downloaded coinomi on your iphone if there is a chance your iphone might be not secure?
ANY wallet on a phone that you do not think is secure IS NOT SECURE
There is no security you can use other then a separate hardware device to make it secure if the phone has been compromised.
If you do not think your phone is safe do not store any more crypto on it then can afford to loose.
-Dave
Is there any risk of downloaded coinomi on your iphone if there is a chance your iphone might be not secure?
Don't you use a Ledger hardware wallet? I remember your name jerry0 from numerous posts you made in the past where you asked different things about Ledger and whatnot. I see no advantage of using Coinomi if you have a hardware wallet. And to answer your question, none of your apps on your phone are secure if you believe your phone isn't. And you phone isn't designed to be a permanent crypto bank.
The advantage is convenience.
I have the majority of my BTC in cold storage x of y multisig with a password.
I have some "warm" in a hardware wallet.
I have my day to day spending in a multicoin wallet on my phone. I know the risk.
Same way. I have most of my fiat sitting in a bank.
I have some of it locked away in a fireproof safe @ home
I have my day to day spending in the wallet I carrry with me.
YMMV on what the amounts are for each type of storage are good for you. But if you want to send someone $20 in crypto, do you really want to deal with a hardware wallet that you have to carry with you, or do you want to whip out your phone, scan a QR code, and go.
-Dave
Is there any risk of downloaded coinomi on your iphone if there is a chance your iphone might be not secure?
Don't you use a Ledger hardware wallet? I remember your name jerry0 from numerous posts you made in the past where you asked different things about Ledger and whatnot. I see no advantage of using Coinomi if you have a hardware wallet. And to answer your question, none of your apps on your phone are secure if you believe your phone isn't. And you phone isn't designed to be a permanent crypto bank.
Even if there is the slightest chance or probability that your phone could have downloaded any malware or malicious software then you have your answer.
As a rule many people only use their phone for holding a small amount of Bitcoin or altcoins or only those coins that are so obscure that they cannot find a decent wallet to keep them on.
Either way many people only hold those coins on their phones that they are willing to lose in the event of a hack and not be too sad about them.
As a rule many people only use their phone for holding a small amount of Bitcoin or altcoins or only those coins that are so obscure that they cannot find a decent wallet to keep them on.
Either way many people only hold those coins on their phones that they are willing to lose in the event of a hack and not be too sad about them.
Is there any risk of downloaded coinomi on your iphone if there is a chance your iphone might be not secure?
Is there any risk of downloaded coinomi on your iphone if there is a chance your iphone might be not secure?
ANY wallet on a phone that you do not think is secure IS NOT SECURE
There is no security you can use other then a separate hardware device to make it secure if the phone has been compromised.
If you do not think your phone is safe do not store any more crypto on it then can afford to loose.
-Dave
Is there any risk of downloaded coinomi on your iphone if there is a chance your iphone might be not secure?
But Coinomi does allow you to change the server it talks to (on the mobile version). Don't trust them for privacy, use your own server.
You can actually install a sniffer on your Wi-Fi and see that yes, once you change it it never talks back to them. On mine it has not pinged back for months except for update checks.
You can actually install a sniffer on your Wi-Fi and see that yes, once you change it it never talks back to them. On mine it has not pinged back for months except for update checks.
invasion of your privacy doesn't have to happen on every communication. with HD wallets sending the master key (hopefully public not private!!) to their servers would do the trick since they will have all your future addresses and transactions.
and assuming that communication to their servers is encrypted (which it should, using SSL) then you can't "sniff" it anymore. you may just see it communicated which may be to check for updates or may have been sending your information to their servers...
Which is why you should NEVER EVER INSTALL A WALLET ON A PC / LAPTOP / PHONE THAT YOU DO NOT OWN and control.
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/intercepting-ssl-and-https-traffic-with-mitmproxy-and-sslsplit/
Don't think the company you work for did this? Think again.
There are dozens of other ways to do it too.
So yeah, for the tablet that is in my place that I have funds on I know every call it has made since Christmas.
Never spoke to a node except mine.
But, with that being said since we don't have the source and we don't know what else it's doing, while I am at work today it could send my seed someplace and by the time I get home it's too late.
But, also as I have said if we don't know the way they send updates to the Play / iTunes store it's all moot, more or less:
Code review vs compiled is great but if you don't have auto-update turned off its pointless. The best wallet with the best intentions is worthless if everyone on the team has the ability to push up the files or there is not a good process to do it.
Look a new version, but look the compiled version on github does not match the version in the stores don't update.
How may people auto-updated to the version that EvilDave pushed out Friday afternoon when everyone was leaving for the weekend. Look EvilDave now has 10% of all the BTC stored in everyone's wallet that he took while hopping a flight to a country that has no extradition. How did this happen? Oh, the wallet with all the code reviews and all the proper things done pushes the code to the App / Play store from a PC that is not properly secured.
I have been saying it for a while [and will keep saying it], until all developers give up an audit trail of how their update is secured then offline / hardware for big amounts and be prepared to loose everything from all other wallets at any time.
-Dave
But Coinomi does allow you to change the server it talks to (on the mobile version). Don't trust them for privacy, use your own server.
You can actually install a sniffer on your Wi-Fi and see that yes, once you change it it never talks back to them. On mine it has not pinged back for months except for update checks.
You can actually install a sniffer on your Wi-Fi and see that yes, once you change it it never talks back to them. On mine it has not pinged back for months except for update checks.
invasion of your privacy doesn't have to happen on every communication. with HD wallets sending the master key (hopefully public not private!!) to their servers would do the trick since they will have all your future addresses and transactions.
and assuming that communication to their servers is encrypted (which it should, using SSL) then you can't "sniff" it anymore. you may just see it communicated which may be to check for updates or may have been sending your information to their servers...
Serious danger? Your privacy is pretty much nonexistent when you closed-source wallet, since you're connected to their server and it's likely they log everything (where there's no way to prove it's true or false).
But Coinomi does allow you to change the server it talks to (on the mobile version). Don't trust them for privacy, use your own server.
You can actually install a sniffer on your Wi-Fi and see that yes, once you change it it never talks back to them. On mine it has not pinged back for months except for update checks.
--snip--
-Dave
TBH i completely forget about it, but AFAIK by default you're connected to their server and there are very few people who bother change it (since usually people who bother do this would use open-source wallet instead)
Yes, by default you connect to their servers. All wallets do that.
But with some open source wallets you can't change easily, or at all.
With mycelium, you have to change the source and recompile and with green you can change SPV only do it on android.
Some like electrum are quick and easy to change. Others, not so much.
So keeping all that in mind, the general consensus about Coinomi Wallet is..... "yes, I advise you to use it" or "no, I advise you to not use it"
I will say for me I consider any amount in a hot wallet on a phone to be funds I do not think are safe and could loose at any moment, no matter what wallet it is.
So, I would say if you want a multicoin / multitoken wallet on your phone (or desktop) holding hot funds that are not going to make a difference in your life if you loose them then yes I advise you to use it.
If you want to store your life savings on BTC I would tell you to use a hardware wallet with at least 2 of 3 multisig.
Somewhere between those two amounts is your comfort factor.
We are anonymous here, I don't know who you are. You could be Bill Gates so your comfort amount in a hot wallet could be 15000BTC because that is your petty cash.
Or you could be living paycheck to paycheck in a very poor area and loosing anything over $20.00 is going to mean you don't eat tomorrow.
So, although it is a bit of a circle I say yes use it, but no don't use it. Depends on the use.
-Dave
Use it with caution for small percentage of your coins.
I have multiple
core wallets
hardware wallets
online wallets.
Frankly most of my cryptocoins are not coins but gear instead of coin.
It is hard to play the cryptogame if you just buy and hold or buy and trade coins.
I juggle
coins,gear,cash,debt,infrastructure .
No great amounts of anything.
Multiple locations for gear coins cash.
Jump to: