
Programmer Warith Al Maawali has discovered a security flaw in the Coinomi cryptocurrency wallet: the wallet sends users' passphrases to the Google spell-check service in unencrypted form, thereby exposing private information to scammers and giving them the opportunity to take over users' funds. He found the flaw while investigating the mysterious theft of 90% of his own funds. Al Maawali discovered that during the setup of the Coinomi wallet, when users enter the mnemonic phrase (seed), the Coinomi application captures the text entered by the user and automatically sends it in plain form to the Google Spellcheck API service for spelling verification. "To understand what is happening, I will explain it technically," says Al Maawali. "The wallet interface is written in HTML and JavaScript and is rendered using a built-in Chromium-based browser."
Like any other Chromium-based application, the wallet application is integrated with various Google-oriented features, such as the automatic spell-check function for all of the user's text input fields. It appears that the problem is that the Coinomi team did not bother to disable this function in the user interface code of their wallet, which led to a situation in which the backup phrases of all their users' wallets were leaking over HTTP during the wallet installation and setup process. Anyone able to intercept web traffic from the wallet application would be able to see the seed phrase of the Coinomi wallet application in unencrypted form. This phrase allows attackers to gain access, using the recovery function, to all funds stored in the user's wallet.
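The kind of check that catches this class of leak before release, as an added example that is not Coinomi's code or the researcher's: a small audit that flags text-entry elements in UI markup whose effective `spellcheck` state is not `false`. The element ids and the sample form are constructed, and the regex tag scanner does not skip comments or `<script>` bodies.

```javascript
// Added example (not Coinomi's code): audit wallet UI markup for text-entry
// elements that leave the embedded browser's spell checker enabled.
const VOID = new Set(["input", "br", "img", "hr", "meta", "link"]);
// Input types that take no free text or, for password, are not spell-checked.
const NOT_CHECKED = new Set(["password", "hidden", "checkbox", "radio",
  "button", "submit", "reset", "file", "image", "range", "color"]);

// Parse one start tag's attribute text into a name -> value map.
function parseAttrs(src) {
  const attrs = {};
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of src.matchAll(re)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  return attrs;
}

// Return text-entry elements whose effective spellcheck state is not "false".
// The attribute is inherited, so each open element's state is kept on a stack.
function findSpellcheckedFields(html) {
  const findings = [];
  const stack = [{ tag: "#root", spell: "default" }];
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  for (const m of html.matchAll(tagRe)) {
    const tag = m[2].toLowerCase();
    if (m[1]) { // closing tag: pop back to the matching opener
      const i = stack.map((s) => s.tag).lastIndexOf(tag);
      if (i > 0) stack.length = i;
      continue;
    }
    const attrs = parseAttrs(m[3]);
    const own = (attrs.spellcheck ?? "inherit").toLowerCase();
    const spell = own === "false" ? "false"
      : own === "true" || own === "" ? "true" : stack[stack.length - 1].spell;
    const editable = (attrs.contenteditable ?? "false").toLowerCase() !== "false";
    const type = (attrs.type || "text").toLowerCase();
    const textField = tag === "textarea" || editable ||
      (tag === "input" && !NOT_CHECKED.has(type));
    if (textField && spell !== "false") findings.push({ tag, id: attrs.id ?? null, spellcheck: spell });
    if (!VOID.has(tag)) stack.push({ tag, spell });
  }
  return findings;
}

// Constructed sample markup for a hypothetical wallet-restore form.
const SAMPLE = `<form id="restore">
  <textarea id="seed-phrase"></textarea>
  <input id="wallet-name" type="text" spellcheck="false">
  <div spellcheck="false"><textarea id="seed-hardened"></textarea></div>
  <input id="pin" type="password">
</form>`;
console.log(findSpellcheckedFields(SAMPLE));
```

Only the `seed-phrase` textarea is reported; the field wrapped in an element with `spellcheck="false"` inherits the disabled state and passes.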
And although Al Maawali has no conclusive proof that this is exactly how the hackers gained access to his data, he claims that only those funds that were stored in the Coinomi wallet were stolen, and therefore he sees no other way to steal the cryptocurrency except through access to the Coinomi mnemonic phrase. "Anyone involved in technology and cryptocurrency knows that (…) 12 random English words separated by spaces are likely to be a passphrase for a cryptocurrency wallet," said Al Maawali.
The researcher created a dedicated website where he described the problem and the experiment he conducted in trying to get Coinomi to acknowledge the vulnerability. He also published a proof-of-concept video, which was later independently verified and reproduced by Luke Childs, a security researcher.
Coinomi, which offers a multi-cryptocurrency wallet application for Android, iOS, Linux, Mac and Windows, did not respond to the affected user's request with an offer to compensate for the stolen funds. However, an updated version of the application appeared the very next day after the user's appeal. Al Maawali claims that he lost between 60,000 and 70,000 US dollars in various cryptocurrencies. His version of the theft of funds is confirmed by other messages in the Coinomi thread on the Reddit forum, where users complain that one day they woke up and discovered that all their Coinomi wallets had been emptied overnight.