The Coinomi wallet app puts all of its users at risk: it exposes users' account details to man-in-the-middle (MitM) attacks, during which attackers can log passwords and later empty accounts. This happens when the app sends user passwords to Google's spellchecking service in clear text.
Warith Al Maawali, an Oman-based programmer, brought the matter to light in an angry write-up. He discovered it while investigating the mysterious theft of 90% of his funds.
According to Al Maawali, when users select a password (passphrase), the Coinomi app grabs the user's input inside the passphrase textbox and silently sends it to Google's spellcheck API service.
The Coinomi team did not bother to turn this feature off in their wallet's UI code, so all of the user account's login details leak via HTTP during the setup process.
Anyone in a position to intercept web traffic from the wallet app can see the Coinomi passphrase in cleartext.
Through the restore wallet function, the passphrase gives attackers access to a user's wallet, to all the cryptocurrency accounts linked with that wallet, and ultimately to all of the user's funds.
However, Al Maawali has provided no definitive proof of how hackers stole his funds. According to him, only Coinomi-stored funds were stolen, which is why he doesn't think hackers could have gained access to those accounts in any way other than by obtaining his Coinomi passphrase.
Al Maawali claims he has reportedly lost between $60,000 and $70,000 worth of various cryptocurrencies. More threats are expected as other reports are posted on Coinomi's Reddit thread, where users are complaining about suddenly finding their Coinomi-managed accounts emptied overnight.
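The article attributes the leak to spellchecking being left enabled on the passphrase text box. As an added example (not code from Coinomi or from Al Maawali's write-up), this JavaScript audit flags text-entry fields in UI markup that look like they hold a secret but do not set `spellcheck="false"`; the function names, the list of name hints and the sample markup are assumptions made for illustration.

```javascript
// Added example: find secret-bearing text fields that leave spellchecking on.
// Name hints and SAMPLE markup are constructed for illustration.
const SENSITIVE = /pass(word|phrase)|seed|mnemonic|recovery|secret/i;

// Parse one opening tag into a lower-cased attribute-name -> value map.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<\s*\w+/, "").replace(/\/?>$/, "");
  const re = /([\w-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? "").trim();
  }
  return attrs;
}

// Return the <input>/<textarea> fields whose name suggests a secret and whose
// own tag does not disable spellcheck. Conservative: a spellcheck="false"
// inherited from an ancestor element is not considered, so such fields are flagged.
function auditSpellcheck(html) {
  const findings = [];
  const tagRe = /<\s*(input|textarea)\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const el = m[1].toLowerCase();
    const a = parseAttrs(m[0]);
    const label = [a.name, a.id, a.placeholder, a["aria-label"]].filter(Boolean).join(" ");
    if (!SENSITIVE.test(label)) continue;
    // Browsers do not spellcheck type="password" inputs, so those are skipped.
    if (el === "input" && (a.type || "text").toLowerCase() === "password") continue;
    if ((a.spellcheck || "").toLowerCase() === "false") continue;
    findings.push({ element: el, field: a.name || a.id || "(unnamed)" });
  }
  return findings;
}

// Constructed sample form: two leaky fields, two safe ones, one irrelevant one.
const SAMPLE = `
<form>
  <textarea id="passphrase" rows="3"></textarea>
  <input type="text" name="seed-confirm">
  <textarea name="recovery_phrase" spellcheck="false" autocomplete="off"></textarea>
  <input type="password" name="wallet_password">
  <input type="text" name="nickname">
</form>`;

console.log(auditSpellcheck(SAMPLE));
```

Any field the audit reports should either become a password-type input or carry `spellcheck="false"` on the element itself.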