Pages:
Author

Topic: WARNING - Coinomi Wallet CRITICAL Vulnerability Made Me Lose My Life Savings (Read 2120 times)

hero member
Activity: 2282
Merit: 659
Looking for gigs
I have encountered Coinomi wallet before but never used it or deposited any of my cryptocurrencies there. I'm sorry for the loss of your life savings man. I know how it really feels to lose such savings like that. If I were in your shoes, it would be really hard to move on, accept the loss or getting over it thinking that it's just a material thing and can make that amount back anytime. However, life savings are different and I would really "drown" if I were to lose it all.
STT
legendary
Activity: 4102
Merit: 1454
You can lose all your gold easily via a variety of methods depending how you store it.   In theory gold is a fine idea but dont put everything in there definitely, its best suited to those with perfect personal security obviously its often used with vaults and national deposits in countries with standing armies and so on.   Its really very different in its objective to crypto and how easily usable BTC can be with far lower standing costs.
   SInce we're repeating events of a century ago, some history knowledge is never a bad idea tbh: https://en.wikipedia.org/wiki/Executive_Order_6102
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
The paper wallet address is: 1LuP7CEC6Hnkd1jfLQVrikhcrpFR5MLAt4
That explains why I couldn't find it: the total balance was 160 Bitcoin, not 115. The BSV amount was a bit lower indeed, but I didn't have data on those chains. I'm sorry for insinuating you're trolling Sad

Unfortunately I sent the BCH to an exchange, not my hardware wallet.  So that means it's unrecoverable then?
In this case the BSV in in the exchange's address now. Please contact their support and explain that you sent unsplit BSV along with a BCH deposit to them. Technically it's possible for them to retrieve the BSV, since they control the private keys to their addresses. Practically, getting that private key and making a transaction may be difficult depending on how their system is set up, but only they are going to be able to answer that.
This is correct. Some exchanges offer a cross-chain recovery service at a fee, some don't do it at all, and some do it once in a while. When you contact them, make sure to clearly explain what happened, I've seen people get rejected by customer service employees who either don't understand it, or don't read carefully. Keep it short and concise.

BSV doesn't have replay protection, which means any transaction that occurs on the BCH-chain can also be replayed on the BSV-chain, as long as all inputs exist on both chains.

Transactions:
BCH:
148696fae3d9b84c4031dd2ebd84037c5f22cd6419209f3815dea8d4dc8a341c
d2ad02be15b06dbea03be743dcb1d6cdcc84414de05f254eec88615a1283ff67
This last address has 2 exactly similar transactions incoming. Does this mean you did the same thing twice (also from 1JJ34cfu51rKxWbVPsuu5Ri1iqTiWRz1xM), but only one of the transactions got replayed on the BSV chain?

BSV:
148696fae3d9b84c4031dd2ebd84037c5f22cd6419209f3815dea8d4dc8a341c
d2ad02be15b06dbea03be743dcb1d6cdcc84414de05f254eec88615a1283ff67

On those 2 addresses, you're also looking at ~$500 in Bitcoin Diamond, $300 in Bitcoin Gold (although the addresses don't show up in the explorer's I've tried) and $10 in Bitcore.
There are more but they're mostly worthless and/or only traded on shady exchanges, plus I haven't figured out yet how best to extract them.
If you're interested, I offer my Bitcoin Fork claiming service at a 10% fee.
newbie
Activity: 4
Merit: 4
So your BSV is now in your hardware wallet's BCH address.
Unfortunately I sent the BCH to an exchange, not my hardware wallet.  So that means it's unrecoverable then?
In this case the BSV in in the exchange's address now. Please contact their support and explain that you sent unsplit BSV along with a BCH deposit to them. Technically it's possible for them to retrieve the BSV, since they control the private keys to their addresses. Practically, getting that private key and making a transaction may be difficult depending on how their system is set up, but only they are going to be able to answer that.
Yup.  Thanks again, and sorry for the unwarranted blame.  At least you guys got to show how good your support is. Tongue
jr. member
Activity: 55
Merit: 10
So your BSV is now in your hardware wallet's BCH address.
Unfortunately I sent the BCH to an exchange, not my hardware wallet.  So that means it's unrecoverable then?
In this case the BSV in in the exchange's address now. Please contact their support and explain that you sent unsplit BSV along with a BCH deposit to them. Technically it's possible for them to retrieve the BSV, since they control the private keys to their addresses. Practically, getting that private key and making a transaction may be difficult depending on how their system is set up, but only they are going to be able to answer that.
newbie
Activity: 4
Merit: 4
Ah.  Duh.  Sorry about that, my mistake.  I didn't realize there were hoops to jump through to sweep the BSV wallet, as I had done the same type of operation through ElectrumSV. 

So your BSV is now in your hardware wallet's BCH address.
Unfortunately I sent the BCH to an exchange, not my hardware wallet.  So that means it's unrecoverable then?



To reiterate on Coinomi's behalf, I was mistaken.  This was not a bug in the Coinomi software, I just didn't take the time to understand how to execute the sweep properly. 

Carry on!  Tongue
jr. member
Activity: 55
Merit: 10
Crap, I think this same problem just happened to me.  :|  I lost 115 BSV, ie $16,000. 

Using Coinomi desktop app for Win10, I was sweeping an old paper wallet that had unsplit BTC in it.  I swept the BTC just fine, then swept the BCH, but when I swept to my BSV wallet the Coinomi app threw an error "A generic error has occurred."

Right away I opened ElectrumSV to try the sweep again.  The sweep worked, but the wallet was empty - the 115 BSV was sent to another wallet.  Then another wallet, then another... and I wasn't doing the sending. Sad

Judging from this dirty-dog "spellcheck" fiasco, I'm pretty sure when I got that "generic error", Coinomi sent the error over some insecure server, and the BSV got sniffed. 

Come on Coinomi!!!  Test yur stuff we are losing our life savings out here!  Ok maybe not life savings but I could have bought a nice Honda Civic!!

Hi CW_Fanboy, your issue has nothing to do with the long-fixed problem described in this post (which was found to have been an attempt to extort Coinomi, by the way). As you said it yourself, you didn't split the BCH from the BSV. This means that transactions you make with one coin also happen with the other. This is described on our article here: https://coinomi.freshdesk.com/support/solutions/articles/29000026274-bch-abc-bsv-fork-information-splitting

When you swept the BCH, the transaction was replayed on the BSV network. You can see both transactions with ID 148696fae3d9b84c4031dd2ebd84037c5f22cd6419209f3815dea8d4dc8a341c on the BCH and BSV chains.

Then when you sent the BCH to your hardware wallet, the same thing happened, and you can see both transactions with ID d2ad02be15b06dbea03be743dcb1d6cdcc84414de05f254eec88615a1283ff67 on the BCH and BSV chains again.

So your BSV is now in your hardware wallet's BCH address. If the only BCH you have in your hardware wallet is this one you swept, you can send it back to your Coinomi BCH address. The transaction will be replayed the same way as before, and the BSV will be sent too. Then you can follow the instructions on the first link we sent above to properly split your coins. After that you will be able to make transactions with one without affecting the other. Feel free to continue discussion on the support ticket you opened with us.
newbie
Activity: 4
Merit: 4
Can you share your paper wallet's address? Or is your nickname "CW_Fanboy" just created for trolling?
The paper wallet address is: 1LuP7CEC6Hnkd1jfLQVrikhcrpFR5MLAt4

For what it's worth, I can see the 115 BSV sitting in this wallet... https://blockchair.com/bitcoin-sv/address/19bmMog453CaqL2k76tNXzGzy4qNAmQnHb

I didn't send them there, nor did I send them to the 1Bs6J9GFRHavZCsBqK5ryQ1GAmxMeMMVyS address.  

Thanks for the help LoyceV!  If you lead me to the coins, I'll give you 10 of the BSV, promise!

And no, I'm not a troll!  I'm a genuine CW fan.  I believe CW is the smartest man alive today, just ahead of Jim Rickards.  I know that makes me a tomato target, but that's life in the logic lane.  

If you're really holding $1M+ in Bitcoin on a paper wallet, why would you ever use a hot wallet to sign a transaction? All of this can be done offline and thoroughly checked before broadcasting.
:|

Well, I'm an economist, not an engineer.  I knew about the offline transaction method, but it didn't feel safe to me due to the complexity.
I'm lucky because I could have lost my BTC and BCH as well, had I tried to sweep the BSV first.  

Btw, all my crypto is now moved to hardware wallets.  Phew!  
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Crap, I think this same problem just happened to me.  :|  I lost 115 BSV, ie $16,000. 

Using Coinomi desktop app for Win10, I was sweeping an old paper wallet that had unsplit BTC in it.  I swept the BTC just fine
Let's see if this story can be true: I checked all funded Bitcoin addresses from 5 weeks ago.
That gives these potential addresses:
Code:
12ywFcz7T6YKm7WQwhXeWEQCdk9yK9cbAB 11568356227
14MEF2wEMwmDNMUCPHGnAieqvncJVASKAx 11568280547
1E5CNisvip4BMFr9sCvnubLHbPqLyCSy4d 11568159547
3BMyqSuYwsZiJqoa3xQJyhHo2YgY5P84pd 11566078629
3PmSiEmCsRjpn8TW9HAj5SXXEQC7aj3Agq 11563767458
3NqB2cmXga7XnGmAT5cpVQ2K2K1kpGv833 11559985304
3A1Y447uWvBRC37rXASndPLQv6fqRneYu3 11559159195
34VKPvTpFWjkZNEMNrERgkJEUUP79F6QUE 11556088964
1QFPiEMa1N6WpbVuFWQZnwLAkkrqTQ1mHJ 11555206946
18Rp9CcFpbySKyjYom9vwpQeJPjnHzrBdc 11555200547
1NDcS7Z6icFARpQ6pSF9REaH8chFeu1R5F 11551993152
1P4WpXcdko83hB12Ky8ip3eacxe5i9ScCi 11551171417
1NJSaJAsw78zWsW8HayFJS6iPxdoyVNaJa 11550175505
32CYjZpCmUVq4bipyY12194MQwYSn1hzam 11546784087
1GnxWZKRet9pDRg4v8KqjwWu9UFQ9hmTtf 11545325006
1DM7rUjaqw5tZoqGmWLpmmhVs8q4aGgs9S 11544903451
1A8uWuPQdnEHo7Tgzgi4mNvsdDaNt5is7 11543924674
1uALtAF7Bkx1aRS9QTUXerimKvX5FXYeo 11543340598
14cHqrD76ULa9zKbH6EuuypCzqRtXsPNiD 11538682261
3EW8hJievyCsMipyED4A2v59e17egrjsv7 11537731808
396P5aU5W1VThf3MujwMMw5kgY8uXxcYth 11536069287
1DdbvQBfno6uBdfraWN9PHas9amrAPV8Pj 11535671596
34WVU9QZ49nsdK262rhk1YH4rb5SbuHVdi 11532410547
37njRwHJkDnzZj6X3AFPsBcM1swCRTKkZq 11530801093
1Pk7trmixEY4PgAQSgfLbeBCzNozy1A62J 11530121191
1DDfGZvF4JAEqkBd3DEeFJKopsaQpkKHAp 11527218522
13RLWeJrsH7e2bJF1FwMfMfy6KrAivM3FD 11526501374
34c6y5tYP9vZbrjRvgxiYajG1sSKZRnv6N 11526195085
1F9yVPgX2FMDhYFygaJvJAKSaYce5TgKjT 11522132966
1DLpnH18LrkTupGQxqJP71X1DgCvG4vYiP 11519139205
3JZK9Cx9BKAqaPHFEEwDW3EacJV4NPMCTR 11517099083
1Mx92zN9qZFhMmyvPSyJmSiGAbMyXF94Fb 11516000547
36uoB4bfcsV6JxzSDQR4XzAbqXhBTzVYXu 11515242489
1BDGNhVCZAXwTSqqoQ8yBvjRtruBmMuf7c 11513657259
1MzcCpHXeQDJd1qKYAjga1JmgnEJaLp2Nm 11509921247
3QCXVHvADLoQDkcR69ortNwKP5zzjeQDb4 11507480409
3DMBTJgah8b9Jqv3PifofT5okZPUS6e479 11504718588
12QLCLPhz7xvtCAsk8Sh9gQkQHn5bdhcix 11503037742
32cDaejr2QBroTv3UpcYBwxEXVELBE2KNt 11501945877
1HzUDjuY7LNYAC1cFkMDAmyL7eDFZGKTGn 11501554714
1KDWEbL9XSjFHUkXQsRufQDQzM4CHWthw1 11500642796
15SHnWfRFUpSnDNti1GjWFdWRR68Zp2pUQ 11500078159
3LMTdvsV4RNz3suxejMDcWX5oecq5xyPCo 11500001147
1NHRpM6dyFUbPS4yWM5XG4MTK6NJnFL154 11500000547
15QymN6kZtJdZaGqfbrLuEcEHtxMCWnDsH 11500000547
1DuPxhGV1ts1iUQ4wNk8fBhZgdFUfqNoxh 11500000547
36RdVqz6xowR2iUWR9rLddycBXgJhRELUF 11500000547
1NfPLojwfbw8afSbU9TXqLJosqQ3TumPWz 11500000547
1NMjti1DNRKh97GmQKSm9ha1MuKFgRuQm2 11500000547
36V4DV12GkodBbgf5UxbdBDKD1AWspNnTw 11500000547
1Dbi3a7btyc4SUdpYLgaFKKJgSwj6UCwUz 11500000547
12cUYpotRNxJ7TkHmGsDgPE3JfTy9jTews 11500000547
38vtDxcYvqhH1s4UZ4ZcP6N3GhAVwRjzrA 11500000000
3MRfAoTn11xNGcQVyXdWwZZ4sw4towGB6V 11500000000
16PSEi2i1aMuaACU6G9WafSKS4dbpWyK2T 11499997047
1LYmE87eRAXTuPEuHsdByGaaosqvJKi9No 11499990997
17X1kRVtppyCu4oTtVkjYmTzBXcH7SAAJU 11499983347
1Pqe4wzYZR89t2GznDw7CLFX3ucx5UPq8j 11499980536
3Ftc4aDWM6hverc5YmY96qYKsAD2JeB4tG 11499977051
3QbhMYzY6PUE9vXvcSUG48uWcXU3kNnSuo 11499969173
1EKGhnjazgKxZJLVpC4tdNrtZpS84w7kPo 11499935359
3LZmVSFZeDxw9pwXWrmjZp5DkyDaMvsyud 11499875107
35BRDnB1AF29jY7aYnJPtLeAa48Q5evnjQ 11499705423
35q6Fd6xvvDSWdijJtyraxBn4U75JjBM1r 11499047046
1JdukbPapQ5FH2mX38K4iswRW2yV5gzchx 11499045304
14aaJ95pKvFzqvziFvrLkiq1tt4dKSBPvi 11499020547
3GT1dtVEwe8mG1JVdR5xrAZd9GRpkspVeu 11498301107
13CzaDxSqm8ydmHTcvipPkECdJJnUni5ih 11495053101
3JNPGomhh67eYmnoEdZikVTRPKLt3RrtVq 11490938737
1AggrobixHZbEuF4gpraNMAtEiErTBSL6E 11488418601
1Nu5uBhQ2h91uGig2udAGTJUkBGwFX2W61 11476240853
3BzVUj391MHFRNYkWdPcrKxjqtDWntEJMM 11469969174
1LrBQJP1URXdw78A4Fvq7Tkc2ghnQEjYAR 11467763903
3M1zTL2USpWQJXYbqPZNsy7wCLmvjAgouW 11465993351
3ARHxzCQbkwxfNpUFYmVNoezfEYgVTu117 11465520000
19eZNaK11KXJVQPt64RzqdfddQVB3KTfuD 11463949156
3KBjnquAV8xwAHRyEbHm3fzwEfq7c2g6jD 11462756402
3BMEXZmNeMtqg8JWVkkRCNF94j4S3P1sZc 11462371700
3J9R2EvFGEQvPfSg3UPNRQD8t4bdfUy9gN 11457947760
1FryMGM8PmcJGaLCbSJzaHQnZQKKYnS5sV 11456939996

Importing in Electrum shows that these addresses are currently (almost) empty:
Code:
14MEF2wEMwmDNMUCPHGnAieqvncJVASKAx
1DdbvQBfno6uBdfraWN9PHas9amrAPV8Pj
32CYjZpCmUVq4bipyY12194MQwYSn1hzam
34c6y5tYP9vZbrjRvgxiYajG1sSKZRnv6N
3A1Y447uWvBRC37rXASndPLQv6fqRneYu3
3ARHxzCQbkwxfNpUFYmVNoezfEYgVTu117
3JNPGomhh67eYmnoEdZikVTRPKLt3RrtVq
3KBjnquAV8xwAHRyEbHm3fzwEfq7c2g6jD
3MRfAoTn11xNGcQVyXdWwZZ4sw4towGB6V
3NqB2cmXga7XnGmAT5cpVQ2K2K1kpGv833
I don't expect an old paper wallet to be multisig, so that leaves only the first 2 addresses. None of those are old.
Can you share your paper wallet's address? Or is your nickname "CW_Fanboy" just created for trolling?

If you're really holding $1M+ in Bitcoin on a paper wallet, why would you ever use a hot wallet to sign a transaction? All of this can be done offline and thoroughly checked before broadcasting.
newbie
Activity: 4
Merit: 4
Crap, I think this same problem just happened to me.  :|  I lost 115 BSV, ie $16,000. 

Using Coinomi desktop app for Win10, I was sweeping an old paper wallet that had unsplit BTC in it.  I swept the BTC just fine, then swept the BCH, but when I swept to my BSV wallet the Coinomi app threw an error "A generic error has occurred."

Right away I opened ElectrumSV to try the sweep again.  The sweep worked, but the wallet was empty - the 115 BSV was sent to another wallet.  Then another wallet, then another... and I wasn't doing the sending. Sad

Judging from this dirty-dog "spellcheck" fiasco, I'm pretty sure when I got that "generic error", Coinomi sent the error over some insecure server, and the BSV got sniffed. 

Come on Coinomi!!!  Test yur stuff we are losing our life savings out here!  Ok maybe not life savings but I could have bought a nice Honda Civic!!
legendary
Activity: 3472
Merit: 10611
~
7 month old topic is as applicable today as it was then.. at the end of the day you have to have a wallet of some description and if he had used a 'mnemonic extension' he would still have his funds.. i have used paper wallets to bitcoin core wallet and everything in between and you settle for a wallet that suits your use case.We all know that their is not a 100% secure wallet..so name names and tell me what is the most secure wallet instead of just pontificating

all discussions are already made in this topic and elsewhere and can easily be found. better wallets are also introduced in this very same topic. in fact the comment right above yours has a decent wallet comparison list that addresses many of the flaws in a lot of the currently available wallets.
jr. member
Activity: 160
Merit: 4
1) Why has anybody got their  'life savings' on a fucking desktop wallet.. Use a goddam Trezor with a passphrase and a compatible desktop wallet like electrum
 
2) What were you doing using  Exodus wallet if you were concerned about security, As soon as i tested that wallet it was clear that it is a 'style over substance' wallet

3) Use a passphrase. Coinomi offers you the option of using a bip39 passphrase which would have protected your 'life savings'

4) With all your analasis of Coinomis behaviour try analysing your own shortcomings when it comes down to protecting your crypto assets..  Personel responsibility is about accepting that all software has potential flaws and not blaming a free wallet that you were not forced to use.. i have used a coinomi mobile wallet since 2015 with zero issues and commonsense dictates that you would not have more than a few hundred dollars on a mobile or desktop wallet.

so you just bumped a 7 month old topic with mostly bad advice huh!

1) hardware wallets don't magically give you security. there are still lots of ways that you could lose money using them and lots of exploits that keep being found that lead to fund loss.

2) Exodus is closed source and that means it has 0 security because nobody knows what really happens under the hood.

3) that is not meant for security and it doesn't give you meaningful security either. in fact the term "passphrase" should not have been used in first place. the more appropriate term is "mnemonic extension".
not to mention similar to Exodus, Coinoni is also closed source which means this wallet also has 0 security.

4) that is only true when the wallet's source code can be reviewed by experts and its transparency becomes apparent. but when it is closed source then it should not even be used let alone waste time thinking about what you did wrong that led to losses.
7 month old topic is as applicable today as it was then.. at the end of the day you have to have a wallet of some description and if he had used a 'mnemonic extension' he would still have his funds.. i have used paper wallets to bitcoin core wallet and everything in between and you settle for a wallet that suits your use case.We all know that their is not a 100% secure wallet..so name names and tell me what is the most secure wallet instead of just pontificating
legendary
Activity: 2898
Merit: 1823
I have been recommending newbies to review this list by Veriphi before choosing a wallet, https://docs.google.com/spreadsheets/d/1aZ1zbaUEzCo9NCctN8-eL2VLIiSdY009tTJvRXDUWEw/edit?usp=sharing

Newbies can use Coinomi, or Exodus, but they should know not to use them for HODLing.
legendary
Activity: 3472
Merit: 10611
1) Why has anybody got their  'life savings' on a fucking desktop wallet.. Use a goddam Trezor with a passphrase and a compatible desktop wallet like electrum
 
2) What were you doing using  Exodus wallet if you were concerned about security, As soon as i tested that wallet it was clear that it is a 'style over substance' wallet

3) Use a passphrase. Coinomi offers you the option of using a bip39 passphrase which would have protected your 'life savings'

4) With all your analasis of Coinomis behaviour try analysing your own shortcomings when it comes down to protecting your crypto assets..  Personel responsibility is about accepting that all software has potential flaws and not blaming a free wallet that you were not forced to use.. i have used a coinomi mobile wallet since 2015 with zero issues and commonsense dictates that you would not have more than a few hundred dollars on a mobile or desktop wallet.

so you just bumped a 7 month old topic with mostly bad advice huh!

1) hardware wallets don't magically give you security. there are still lots of ways that you could lose money using them and lots of exploits that keep being found that lead to fund loss.

2) Exodus is closed source and that means it has 0 security because nobody knows what really happens under the hood.

3) that is not meant for security and it doesn't give you meaningful security either. in fact the term "passphrase" should not have been used in first place. the more appropriate term is "mnemonic extension".
not to mention similar to Exodus, Coinoni is also closed source which means this wallet also has 0 security.

4) that is only true when the wallet's source code can be reviewed by experts and its transparency becomes apparent. but when it is closed source then it should not even be used let alone waste time thinking about what you did wrong that led to losses.
jr. member
Activity: 160
Merit: 4
what the heeeeellll..... Huh  Shocked

HardFacts i hope you're trolling
else
check and read the bold WARNING message on the image you posted and do what mocacinno suggests immediately.

Obviously, he has been trolling you guys and you fall from it,  Smiley

That images is here: https://anonymous-proxy-servers.net/en/help/jondo-live-cd14.html
1) Why has anybody got their  'life savings' on a fucking desktop wallet.. Use a goddam Trezor with a passphrase and a compatible desktop wallet like electrum
 
2) What were you doing using  Exodus wallet if you were concerned about security, As soon as i tested that wallet it was clear that it is a 'style over substance' wallet

3) Use a passphrase. Coinomi offers you the option of using a bip39 passphrase which would have protected your 'life savings'

4) With all your analasis of Coinomis behaviour try analysing your own shortcomings when it comes down to protecting your crypto assets..  Personel responsibility is about accepting that all software has potential flaws and not blaming a free wallet that you were not forced to use.. i have used a coinomi mobile wallet since 2015 with zero issues and commonsense dictates that you would not have more than a few hundred dollars on a mobile or desktop wallet.
  
legendary
Activity: 2576
Merit: 1655
what the heeeeellll..... Huh  Shocked

HardFacts i hope you're trolling
else
check and read the bold WARNING message on the image you posted and do what mocacinno suggests immediately.

Obviously, he has been trolling you guys and you fall from it,  Smiley

That images is here: https://anonymous-proxy-servers.net/en/help/jondo-live-cd14.html
full member
Activity: 670
Merit: 130
what the heeeeellll..... Huh  Shocked

HardFacts i hope you're trolling
else
check and read the bold WARNING message on the image you posted and do what mocacinno suggests immediately.
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC

Electrum with a hardware wallet is fine. Electrum on a wiped and air gapped machine that never sees the internet is fine. I've never understood why anyone recommends any Windows PC based wallet for a connected machine. You never know what'll be hiding.

I Totally AGREE !!!  Finally someone that understands this concept.   With a non connected memory device to store my Bitcoins, I do not have worry about them ever being removed.   This allows me to back up my Seed Words here in the forum, and will never risk losing or forgetting my Seed Words as some people have.



In case you were serious and this really is your seed: your wallet is now compromised because you posted a picture of your seed on a public forum.. empty this wallet and never use it again. Anybody can restore your wallet using electrum and sign transactions funding the addresses in this wallet from this point forward.

After you emptied this wallet, make sure you also move the funds you might have on the forks (like bch or bsv), the same seed can be used to steal those ones to.
member
Activity: 434
Merit: 29

Electrum with a hardware wallet is fine. Electrum on a wiped and air gapped machine that never sees the internet is fine. I've never understood why anyone recommends any Windows PC based wallet for a connected machine. You never know what'll be hiding.

I Totally AGREE !!!  Finally someone that understands this concept.   With a non connected memory device to store my Bitcoins, I do not have worry about them ever being removed.   This allows me to back up my Seed Words here in the forum, and will never risk losing or forgetting my Seed Words as some people have.

legendary
Activity: 2590
Merit: 3015
Welt Am Draht
I've been reading this thread in horror, and my understanding is that it's not clear exactly how OP lost his coins.  You seem to be saying it was an attack on his PC rather than some insider at Google, right?  And here I have to profess severe ignorance as to technical matters, but are you saying that even software wallets like Electrum aren't secure on PCs?

Why would any desktop wallet be secure? They're on a machine that attracts keyloggers, screen capture stuff, remote takeovers and clipboard malware. If you can type it or see it that means someone else can too.

The sending address could be changed, someone might be watching you when it gives you the seed or when you reenter it, they might capture your passwords and empty the wallet.

Electrum with a hardware wallet is fine. Electrum on a wiped and air gapped machine that never sees the internet is fine. I've never understood why anyone recommends any Windows PC based wallet for a connected machine. You never know what'll be hiding.
Pages:
Jump to: