Redditor u/warith77 (Warith Al Maawali) claims that he lost all his life savings ($60,000 - $70,000) because Coinomi, a popular multi-coin cryptocurrency wallet, exposed his passphrase to a third-party server. He took the issue to Reddit after Coinomi refused to take responsibility for his loss.
90 percent of funds were gone in a snap
The user encourages everyone to ditch Coinomi, given that the critical vulnerability can lead to a similar black swan situation. The security issue was detected after he had already entered his Exodus wallet's passphrase. Coinomi's main application, which the user installed on Feb. 14, was not digitally signed. On Feb. 22, he found out that 90 percent of his funds had been stolen. His portfolio included Bitcoin (BTC), Ethereum (ETH), and Litecoin (LTC).
$70,000 spelling check
When trying to get to the core of the problem, he discovered that Coinomi's 'Restore Wallet' textbox sent his seed phrase to googleapis.com for a spelling check. Eventually, somebody got access to his passphrase and stole the funds.
Now, Al Maawali promises to take legal action against Coinomi LTD, the UK-based company, if they don't take responsibility for this security bug that cost him his life savings.