Cryptocurrency Exchange

Spellcheck vulnerability addressed by Coinmoni

The crypto wallet provider Coinomi has denied the allegation that the wallet has a bug in it that allows the google to view the users seed phrases. Reportedly Coinomi generates 24 seed phrases which in turn enable its users to restore wallet on any platform. And helps them to manage the wallet on phone or PC. However, the wallet company has disapproved this report through their official statement issued on 27th February.

As per the statement issued by the company, the media has wrongly interpreted their seed transmission phrases. They further added the seed transmission was encrypted through SSL and Google is its lone recipient.

However, according to a user of Coinomi wallet, the vulnerability sends private key of the wallet to spelling checking service of Google in plain text. The user explains that to recover wallet the desktop wallet has a textbox, any text typed in this textbox automatically sent it to googleapis.com as a request for spell checking. The textbox in the discussion has the power of Chromium browser component and the text typed in it gets transformed into HTML file.

The bug that has occurred only in the desktop wallet is not intentional, and it was not designed as well. The error purely happened because of the plugins used in the wallet. The day Coinmoni team heard of the plugin they launched a patch to fix the error. Although the user claims it to be a plain text, it is visible from his screenshot, the data packets were encrypted.

The spell check request went to Google from Coinmoni were not stored and were flagged as unauthorized request and were not processed further as stated by Coinmoni.

Coinmoni has flagged the users claim on high alert and has investigated into the matter. The company is also getting threatening and blackmailing calls from the user group as stated by the company COO.

The wallet company also confirms that no other news of wallet hacks has come to light except this particular user Warith Al Maawali’s. They even think that the keys are still controlled by him and not stolen. The company also said that seeds were never transmitted until and unless a user explicitly did so to restore desktop wallet.

On 26th of last month, the company had decided to report the stolen assets to Chainanalysis, so that the fund gets blacklisted and does not gain acceptance from any exchange.

James Voss

James Voss is a full time writer in CryptoLighty. He holds post graduate degree in computer science and has around one year experience in writing about cryptocurrencies. His technical knowledge and passion for crypto led him to our reporting team. He also interested in analyzing cryptos by technical aspects like different charts.

Recent Posts

How tokens and NFTs provide real-world value to Crypto gamers?

Most traditional in-game assets are non-transferable, meaning that players cannot sell them to other players…

5 months ago

Decoding Tether (USDT): Navigating the cryptocurrency landscape in 2024

Tether(USDT) is a strong contender in the cryptocurrency ecosystem as a stablecoin whose value is…

9 months ago

Breaking down Ripple’s (XRP) important partnership: What you must know

Uphold has shown support for Ripple. Among other things, the highly recognized partnership entails pre-funding…

1 year ago

Bitcoin Cash and Bitcoin: Understanding the key differences

While the ecosystem of cryptocurrencies is broad, it has various shining examples of these digital…

1 year ago

Monero: Navigating the future of privacy coin in a world of evolving regulations

The world of finance in the present-day scenario has changed remarkably and turned out privacy…

1 year ago

Binance Convert Adds Terra Classic and Terra Classic USD

Binance Convert now supports Terra Classic (LUNC) and Terra Classic USD (USTC). Currency holders can…

2 years ago