When storing your cryptocurrency, you need to know your assets are safe, especially when using wallets on exchanges or via software that means your assets are ‘online’. The benefits to these sorts of wallets are that you can access your assets across a range of platforms (mobile, PC etc) and also means that if you forget your login details, you might not always totally lose access to your crypto.
Drawbacks however to having your assets online can often mean your storage is not decentralised (and is managed by someone else like an exchange) and indeed, your assets are connected to a network which means they can be accessed via hackers who are able to exploit bugs.
Such a bug has recently been located within the Coinomi Wallet. The bug seems to have stemmed from a vulnerability that has has been exploited via Google’s spell check after Al Maawali, the victim of the bug revealed that his wallet has been accessed and could have stolen up to $60,000.00.
According to Unhashed:
“Al Maawali, claims that a text box built into the Coinomi wallet sent his seed phrase to Google’s online spell check service. Since a seed phrase can be used to gain access to a wallet, handling data in this way is a major risk. Al Maawali claims that the bug was used to steal $60,000 of cryptocurrency from his wallet. He also says that Coinomi has refused to take responsibility, which has forced him to reveal the problem publicly. Coinomi itself has now responded, admitting that Google spell checks did occur due to a bad configuration in one of the wallet’s plug-ins. However, Coinomi also says that this function sent text securely—and that Google actually rejected the data.”
So, according to the reports, no assets have been lost as a result of this, though Maawali has felt that this bug could have been exploited more successfully in the future - thankfully in this instance, everything seems to be okay and indeed, Coinomi seem to believe that the bug was never really an issue in the first place.