CipherBlade share a lesson about crypto theft
Malware is a fact of the modern digital world, and cryptocurrencies are often its target, but how we deal with those attacks is an important detail. Warith Al Maawali, who we’ve previously reported on, lost $70,000 when his Coinomi wallet was drained of its funds. Now questions are being asked about whether it happened the way he alleged it did.
When we previously reported on the story, Al Maawali claimed a flaw in Coinomi’s desktop wallet, which caused it to use Google’s spellcheck API on the text of a seed phrase, allowed hackers to access his wallet and steal his funds. As a result, he blamed Coinomi for the loss, and demanded they make him whole.
Now Coinomi, after enduring months of online attacks from Al Maawali, have hired the blockchain forensics firm CipherBlade to investigate what really happened. Although they admit to having been paid by Coinomi, they appear to have conducted a firmly independent and convincing investigation of what happened.
The idea that the victim lost his funds because of a spell checker doesn’t check out, they write. Analyzing the hacker’s wallet, they reasoned that if the theft had resulted from someone gaining access to Google’s API data, the wallet should show a number of victims falling prey to the scam all at once. Instead, they found the hacker’s wallet receiving funds over a long period of time, dating back to October 2018, two months before Coinomi’s desktop wallet launched.
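The timing argument above can be checked mechanically: a single leak from one API would produce a burst of victim deposits clustered after the affected software shipped, while an address that was already collecting funds before launch, at a steady trickle, points to something else. The following is an added example, not code from the article or from CipherBlade; the deposit lists and the launch date are constructed sample values, and the function name `analyze_inflows` is hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample: (timestamp, amount) credits to one attacker-controlled address,
# spread over months and starting before the assumed launch date.
TRICKLE_INFLOWS = [
    ("2018-10-03T14:12:00", 0.21),
    ("2018-10-19T09:40:00", 0.05),
    ("2018-11-07T22:05:00", 0.40),
    ("2018-12-28T11:30:00", 0.12),
    ("2019-01-15T17:55:00", 0.33),
    ("2019-02-02T08:20:00", 0.08),
    ("2019-02-22T13:10:00", 2.10),
    ("2019-03-05T19:45:00", 0.15),
]

# Constructed contrast: what a single mass leak would look like, with many
# victims hit within hours and nothing before launch.
BURST_INFLOWS = [
    ("2019-02-22T13:10:00", 2.10),
    ("2019-02-22T13:42:00", 0.30),
    ("2019-02-22T15:05:00", 0.75),
    ("2019-02-22T16:20:00", 0.11),
    ("2019-02-22T19:58:00", 1.40),
    ("2019-02-23T02:15:00", 0.09),
]

# Assumed launch date of the software under suspicion (placeholder, not the real date).
LAUNCH_TS = "2018-12-01T00:00:00"


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def analyze_inflows(inflows, launch_ts, window=timedelta(hours=24)):
    """Summarise deposit timing relative to a launch date and report whether the
    pattern is consistent with one mass leak (no deposits before launch, and at
    least half of all deposits inside a single sliding window)."""
    times = sorted(_parse(ts) for ts, _ in inflows)
    launch = _parse(launch_ts)

    before_launch = sum(1 for t in times if t < launch)

    # Largest number of deposits inside any sliding window of the given length.
    peak = 0
    j = 0
    for i, t in enumerate(times):
        while times[j] < t - window:
            j += 1
        peak = max(peak, i - j + 1)

    span_days = (times[-1] - times[0]).days
    return {
        "first_inflow": times[0].isoformat(),
        "inflows_before_launch": before_launch,
        "peak_inflows_in_window": peak,
        "span_days": span_days,
        "consistent_with_single_leak": before_launch == 0 and peak * 2 >= len(times),
    }


if __name__ == "__main__":
    print("trickle:", analyze_inflows(TRICKLE_INFLOWS, LAUNCH_TS))
    print("burst:  ", analyze_inflows(BURST_INFLOWS, LAUNCH_TS))
```

On the trickle data the first deposit predates the launch, three deposits arrive before it, and no 24-hour window holds more than one deposit, so the single-leak hypothesis is rejected; the burst data passes the same test. Real analysis would pull the deposit list from a block explorer or node rather than a literal, and would add the sender-clustering that CipherBlade's report relies on.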
They also pointed to Al Maawali’s own account as part of their case. He claimed to have copy-pasted his seed phrase into the wallet. Malware exists that captures copy-pasted information from computers, and such malware could easily have recognized a seed phrase and used it to drain his funds.
Their conclusion, then, with the limited access they have to the evidence, is that it’s much more likely Al Maawali fell victim to another type of malware and played right into the hack. Frustrated that he lost his money, he blamed the wallet as the most visible explanation, to him at least, of what could have gone wrong.
That’s not the best approach to take, CipherBlade notes. Regardless of where you live, and how hip your local law enforcement might be, they recommend contacting your local police should you ever fall victim to a crypto scam. They write:
“Not only are many kinds of data easily obtained by law enforcement, but inaccessible to the average (or even the well-connected) citizen — exchange account data being a prime example, as many major exchanges are happy to comply with legal requests, but are, in fact, prevented by regulations from giving out information without law enforcement contact.”
Not wanting to get too far ahead of themselves, they note they will work pro bono for Al Maawali if he can prove he has already contacted local police.
Regardless of his case, though, the moral of the story is clear and one that all cryptocurrency users should take note of. Just like with any other asset, if a thief takes your stuff, call the police before taking to Reddit.