Even if malware is a fact of the modern digital world, and cryptocurrencies are often its target, how we deal with those attacks is an important detail. Warith Al Maawali, whom we’ve previously reported on, lost $70,000 when his Coinomi wallet was drained of its funds. Now questions are being asked about whether it happened the way he alleged it did.
When we previously reported on the story, Al Maawali claimed a flaw in Coinomi’s desktop wallet, which caused it to use Google’s spellcheck API on the text of a seed phrase, allowed hackers to access his wallet and steal his funds. As a result, he blamed Coinomi for the loss, and demanded they make him whole.
Now Coinomi, after enduring months of online attacks from Al Maawali, has hired the blockchain forensics firm CipherBlade to investigate what really happened. Although CipherBlade admits to having been paid by Coinomi, the firm appears to have conducted a firmly independent and convincing investigation of what happened.
The idea that the victim lost his funds because of a spell checker doesn’t check out, they write. If the theft were the result of someone gaining access to the Google API data, an analysis of the hacker’s wallet should show a number of victims falling prey to the scam all at once. Instead, they found the hacker’s wallet receiving funds over a long period of time, dating back to October 2018, two months before Coinomi’s desktop wallet launched.
They also pointed to Al Maawali’s story as part of their case. He claimed to have copy-pasted his seed phrase into the wallet. Malware exists to capture copy-pasted information from computers, and such malware could easily have recognized a seed phrase and then used it to capture his funds.