Coinomi is a cryptocurrency wallet that helps in storing, trading, securing and managing Bitcoin, Altcoin and Ethereum. This cryptocurrency wallet was probed a few days back that its wallet is vulnerable. The vulnerability issue was highlighted by Warith Al Maawali on Reddit. It reported that it had a bug because of which the user’s backup seed phrase was allowed to be viewed by Google. However, on Coinomi’s official website this issue was addressed.
Coinomi creates a wallet by using a 24-word passphrase, and the wallet can be restored by the user from any platform. The users can manage their wallet on their personal computer and phone simultaneously at once.
Due to this vulnerability of Coinomi, there have been claims by its users that they have lost digital currency worth of $60,000 to $70,000. As per the claims, they stated that the wallet had been executed poorly because of which the plain-text passphrase of users has been shared with the server of the third-party.
There was a blog posted by Coinomi about this matter stating that the seed phrases transmitted have been incorrectly characterized by social media and CCN users. They said that there was no plain-text in the packets. Coinomi said that the transmission was not done deliberately or by design and that there was a bug only on wallets that were on the desktop that were affected. There were claims made by users who attached screenshot stating the packets were in the form of plain-text. However, it was clearly showing that packets were encrypted.
The bugs had attacked only the personal computer wallets because they made use of the plug-in. To resolve this issue, a patch was pushed by the group of people who are in charge of the plug-in on the very first day the issue was addressed.
One user reported that this type of security problems could be exploited only by the authorized people and people who are at the backend of the process. He continued to say that people who have invested Coinomi should withdraw their funds and they should change their passphrase with the help of different app and create a new wallet. The seeds of the wallet which is also known as passphrase go through Google servers for spell check in the form of a plain-text, therefore, allowing Google to access remotely. Many other users also came forward saying that they had lost funds on this platform too following the news when the claims about Coinonmi were exposed on the digital currency space.