Cryptocurrency wallet Coinomi has once again become involved in a security scandal, with a security consultant claiming to have found a vulnerability in the service. Allegedly, the service would send wallet seed phrases, the backup information needed to recover a crypto wallet, to servers unencrypted—allowing hackers to potentially intercept the data and steal a user’s funds.
Al Maawali, a “cryptocurrency strategist and security consultant” based out of Oman, claims to have found a vulnerability in the Coinomi desktop wallet. Like many other software wallets, it uses a 12-word seed-phrase to restore a wallet in cases where a user loses or damages their computer, or in some cases where a user forgets their pin or needs to transfer funds to a new device.
Maawali created a website explaining the exploit in detail after allegedly losing $60,000 to $70,000 in cryptocurrency from the exploit.