Bitcoin Wallet Researchers Slam ‘Inappropriate’ Redditor’s Coinomi Complaint
By CCN: CipherBlade, a blockchain security research firm, has published the results of a lengthy investigation into the claims of a Coinomi user.
How Were the Funds Truly Compromised?
Warith Al Maawali contacted CCN and just about every news outlet he could find with the claim that because Coinomi had sent seed phrases to Google for spellchecking, he had lost his entire life savings. His goal was to pressure the company into reimbursing him for losses, but it appears that, after extensive research, it’s doubtful that Al Maawali lost his crypto through the fault of Coinomi. It’s more likely that he never lost it at all or that his seed phrase was compromised in another way.
We previously reported on those claims here. We then followed up with a response from Coinomi, who believed by that point that Al Maawali was attempting to extort the company.
Coinomi explicitly stated that the bug in question had never actually compromised seed phrase words, as they weren’t sent in plain-text. The inference to be drawn would be that in the event his funds were stolen in this way, Google or a Google employee did it.
CipherBlade writes:
“Upon review of the publicly available facts, it quickly became apparent to the CipherBlade team that Al Maawali’s conduct is grossly inappropriate to the situation. We receive multiple messages on a daily basis from people seeking help regarding scams or hacks, and so we understand very well that victims can be emotional and even irrational — in the worst case yet, we’ve been forced to prevent a fraud victim from attempting to murder a suspect. And indeed, even well-composed individuals are often at a loss as to what the proper course of action is when they become the victims of such crimes. Nevertheless, given the public nature of the present incident, it is worthwhile using it as a case study.”
CipherBlade finds that the most likely attack vector exploited by an attacker – assuming an attack ever took place, which is questionable – was through the storage of the seed phase itself.
