Coinomi Strikes Back: “We Don’t Negotiate with Blackmailers”

A one-man defamation campaign alleging software vulnerabilities has been launched against Coinomi.

Cryptocurrency storage application Coinomi Wallet has refuted recent claims that its software was coded to send unencrypted wallet recovery seed phrases to Google’s spell check servers. The claims were denied in an official statement posted on Medium on Wednesday, February 27.

Coinomi clarified that seed phrases “weren’t being transmitted at all unless the user chose to explicitly restore their Desktop wallets,” and that if they were sent, they were encrypted and “encapsulated inside a HTTPS request with Google being the sole recipient.”

Asia Trading Summit – The Leading Investment Event in China

Additionally, “the spell-check requests that were sent over to Google API were not processed, cached or stored and the requests themselves returned an error (code: 400) as they were flagged as ‘Bad Request’ and weren’t processed further by Google.”

Still, Coinomi did acknowledge that this was a problem, one that was likely caused by a poor configuration in plug-in software that operates as part of the Coinomi wallet desktop application.

 

Founded in 2014, Coinomi is one of the oldest cryptocurrency wallets on the market.

Allegations, Threats, and Blackmail

The claims were originally publicly made against the company came from one Warith Al Maawali, a man who said that a Coinomi wallet had been hacked because of the vulnerability. Maawali created a support request on Coinomi’s board describing the claims in detail; he also seems to have created Avoid-Coinomi.com, a website that also contains descriptions of the vulnerability as he sees it.

Coinomi is said to have immediately flagged the post as ‘high priority’ and to have launched an investigation into the matter. Despite this, however, Coinomi COO Angelos Leoussis explained on the company’s Telegram channel that Maawali persisted in “threatening, swearing, and blackmailing us for insane amounts.”

Unfortunately for Coinomi, Maawali’s claims spread like wildfire over the web. At the time of writing, a number of crypto-centric news publications, including DecryptMedia, Ethereum World News, and Bitcoin Exchange Guide have reported on Maawali’s claims without including Coinomi’s defense.

 

CoinTelegraph reported that before Maawali went public with his allegations, he requested that the company refund him the cryptocurrency that had allegedly been stolen from him, threatening that if they failed to do so, he would have “no choice other than reporting this in social media.” However, Maawali would not provide Coinomi with the details of his claims.

Coinomi proceeded by asking Maawali for more information on the alleged vulnerability. Maawali is said to have responded by saying that he wouldn’t give any details until he was guaranteed payment.

 

 

Even so, Coinomi reportedly reported the allegedly stolen assets to Chainalysis, so that the funds will be blacklisted, and therefore will not be accepted by any exchange.

Regardless of whether or not Coinomi’s alleged vulnerability actually led to the theft of Maawali’s assets, the debacle has served as a reminder that software wallets can be risky.

Indeed, Ledger CEO Eric Larchevêque told Finance Magnates in an email that “the Coinomi meltdown is further evidence of why software wallets are a recipe for disaster. When entrusting a software wallet with your assets, you are exposing your private keys to the internet, leaving them vulnerable to attack. Simply put, cold storage on a hardware wallet is the only way for investors to ensure complete security of their private keys.”

Finance Magnates reached out to Coinomi but had not received a response at the time of publication.

Got a news tip? Let Us Know