A Bitcointalk forum user under the nickname warith reported he lost $60,000 - $70,000 due to a vulnerability in the popular crypto wallet Coinomi.
According to the post published on the forum, the author claims that he installed the Coinomi app on February 14 and then entered into its interface the code phrase from his main Exodus-based wallet.
“I downloaded and installed Coinomi application (Windows version) and noticed that their setup file was digitally signed but their main application was NOT signed after the installation process was completed,” he writes.
On February 22, he noticed that some 90% of his assets had been transferred to various addresses (Bitcoins, ETH, ERC20 tokens, LTC, and BCH). Only the cryptos not supported by Coinomi (but supported by Exodus) remained untouched.
Thus, a person from Google or someone who is able to monitor HTTP requests sent to googleapis(dot)com discovered and used the passphrase to steal the crypto worth $60,000 - $70,000. Everyone who is aware of the technologies and cryptocurrencies knows that 12 random English words can be a code phrase for a crypto wallet.
Coinomi has provided no official comments on the issue. The author, however, stated that the company deleted its comment on his claim on Twitter and was evasive in its correspondence with him. The author stressed that he is planning to file a claim if the company keeps avoiding liability.
The company later commented on the issue, saying that the problem affected only the desktop version of the wallet.