Alleged Coinomi exploit shows how easy it is to have Bitcoin stolen

131 points by timcc50, about 6 years ago

13 comments

rory096, about 6 years ago
To *Google Chrome's* spellchecker. It's a bad vulnerability, but it's unlikely that it's really the attack vector here.
ccnafr, about 6 years ago
It's not an exploit. It's a vulnerability baked in the wallet app source code. There's a difference.

The article seems to have been written by someone who has a poor grasp on security terms.

I'd recommend reading the researcher's write-up and avoid getting the wrong idea of what's happening there: https://www.avoid-coinomi.com/
wcoenen, about 6 years ago
If I were a security consultant, I would be a bit more hesitant about telling the world that I casually entered a seed phrase worth $60K into an online device, never mind which software it was. The report mentions that the seed phrase originally came from his exodus wallet (desktop software), which is also a wallet that is not suitable for storing such large amounts.

For those amounts, use a hardware wallet, or software that supports generating the transactions offline so that the device with the key never has to go online.
paraxisi, about 6 years ago
The video in the article essentially shows nothing; the claim is "Google stole my coins."

Possible? Sure. Likely? No.

The corroboration with the two users from Reddit is useless because they didn't use a seed phrase.

edit/ To clarify: Yes, this is a stupid practice. You should be doing this locally or ideally not at all. But thinking Google is stealing your coins is a pretty big stretch.
40acres, about 6 years ago
Decentralized currency is simply not viable for the mainstream, an economy needs institutions that can be relied upon and a certain level of centralized control to take the wheel when things go sour. There are still gains to be made via speculation but the dreams of folks like Nick Szabo will not be realized with crypto in its current state.
anjc, about 6 years ago
Between people losing their keyphrase, to software wallets being hacked, to hardware wallets being compromised...at what point is it more safe to just keep your coins on a reputable, insured, exchange? I think the odds of Coinbase doing a Mt. Gox are a lot more slim than the odds of a random person screwing up their own storage solution.
dontbenebby, about 6 years ago
Why would you spell check a password? Passphrases are in vogue, but a field whose very nature is to be high entropy probably doesn't conform to traditional spelling/grammar...
api, about 6 years ago
Why does a *spell checker* need to live in the cloud?

To harvest user text for marketing analytics of course. Never mind.
yingw787, about 6 years ago
I still don't get cryptocurrencies. Yes, a blockchain works when zero trust is needed/desired for transactions, but that's still an implementation-level concern, and implementations aren't perfect. Without legal means of redress, somebody is always going to get burned. If there are legal means of redress, then by definition you trust somebody, right?

I think a blockchain fits well when you need to verify a legal authority, like a felonies database (can you trust the cop that filed the report?), but otherwise it kind of just goes around the legal system; by doing so, you're just re-inventing the wheel.
arisAlexis, about 6 years ago
so if an unknown mail provider in Zimbabwe gets hacked email is insecure. Logical
YeahSureWhyNot, about 6 years ago
the crypto tech was marketed as the most secure financial instrument but so far it has been repeatedly proving itself to be quite the opposite:)
MusaTheRedGuard, about 6 years ago
This entire thread: "Why don't you just use the post office why do you need email?"
chdaniel, about 6 years ago
You know what's the most painful thing? If (I'd say when) years go by and Bitcoin value is a significant multiple of what it is today... Much like those who lost their wallets in 2011-2012-2013, most probably it will be haunting