News: Life Savings Stolen from Coinomi Wallet ?! Institutions stealthy join crypto

Boxmining

12.4K views 430 6 years ago

Description

Coinomi wallet security is called to question today, as a user claims that his entire life savings were lost due to a wallet bug. Julius Baer decides to be pro crypto - despite bashing as insecure jus...

Coinomi wallet security is called to question today, as a user claims that his entire life savings were lost due to a wallet bug. Julius Baer decides to be pro crypto - despite bashing as insecure just 1 year ago. 0:34 Lifesaving stolen from Coinomi Wallet 3:40 Institutions stealthy join crypto 5:48 $66 M of assets tokenized on Ethereum 6:47 EOS hacker runs away with $2.07M EOS 8:40 OKex enables 5x margin trades - for even more REKTAGE #Coinomi #Ethereum #EOS 👍🏻Subscribe to Boxmining for Daily CryptoNews and Altcoin explainers: https://www.youtube.com/c/boxmining 👑Recommended Exchange - Binance: https://goo.gl/joe55C 🔒Hardware Wallet: https://www.ledgerwallet.com/r/428b 📲Mobile Wallet: https://enjinwallet.io/ Brave Browser: https://brave.com/box831 Buy Crypto on Coinbase: https://www.coinbase.com/join/590c3a1c8bfa31012ffacf87 #Bitcoin #Ethereum #Cryptocurrency #Crypto #Altcoins ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬● Telegram groups: Telegram Discussion Group: https://t.me/boxminingChannel Telegram Announcements: https://t.me/boxminingChannel ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬● ♨️Social: Steemit: https://steemit.com/@boxmining Twitter: https://twitter.com/boxmining Facebook: https://www.facebook.com/boxmining ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬● I'm not a professional financial adviser and you should always do your own research. I may hold the cryptocurrencies talked about in the video. ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●

AI Analysis

This video dives into a mix of crypto news, kicking things off with a shocking security flaw in a popular crypto wallet, then pivoting to discuss the quiet but significant entry of traditional financial institutions into the crypto space. It also touches on real-world asset tokenization, a major hiccup in the EOS ecosystem, and the risky world of high-leverage trading.

Here's a breakdown of the key topics:

* Life Savings Stolen from Coinomi Wallet:
* A user named Warref77 allegedly lost $60,000-$70,000 of his life savings from his Coinomi wallet due to a critical vulnerability.
* Warref77, who is a computer expert, used a tool called Fiddler to track the wallet's communication and discovered that his wallet was sending his passphrase to Google.
* The passphrase provides complete control over a user's cryptocurrency, including the ability to withdraw all funds. This was a massive red flag.
* Coinomi later confirmed a bug, stating that a misconfiguration with one of their wallet plugins was inadvertently sending the passphrase to Google for a spellcheck service. This is just ridiculous, as a passphrase should never be leaked to a third party, especially for something as trivial as spellcheck.
* While the transmission was secured by HTTPS, meaning only Google could technically read it, the security of Google's spellcheck servers for such sensitive data is unknown.
The bug only occurred when a user initiated a request to restore* their phrase, not during regular use, which is a minor redeeming factor but doesn't excuse the oversight.
* The situation highlights a massive oversight in the wallet's design and programming, leaving the presenter baffled by how such a critical error could occur.
* The takeaway here is that wallet manufacturers must prioritize security above all else, and it's best to stick with older, more reputable companies like Trezor or Ledger that have a proven track record and programming know-how.

* Institutions Stealthily Join Crypto:
* Swiss private bank Julius Baer announced a partnership with SEBA Crypto AG to offer crypto services to its clients, citing increasing demand for digital assets.
* What's truly hilarious and hypocritical about this is that just a year prior, Julius Baer publicly advised against Bitcoin and cryptocurrencies, labeling them as "immature technologies" facing "severe technological, e.g. cybersecurity governance, e.g. the power of miners on the blockchain network and regulatory hurdles."
* Their sudden pivot demonstrates that they were clearly trying to suppress crypto before, but now realize the undeniable and growing institutional demand.
* This move symbolizes a shift in the traditional finance world's perception of crypto. The idea that blockchain can replace the centralized, often poorly regulated banking sector is slowly gaining traction, showing that trustless, peer-to-peer value transactions and smart contracts can indeed cut out the middleman.
* This institutional entry won't bring immediate hype or dramatic price surges, but it signifies a long-term, fundamental shift in how finance operates.

* $66 Million of Assets Tokenized on Ethereum:
* A significant real-world asset, a $66 million property, is being tokenized on the Ethereum blockchain.
* This is part of the growing trend of security tokens or tokenized securities, where real-world assets (beyond just crypto coins) are represented as digital tokens.
* Specifically, this property is being converted into ERC-20 tokens, demonstrating Ethereum's utility beyond just cryptocurrency.
* This year is expected to see more attempts at asset tokenization, though the presenter believes it will be a long regulatory battle, requiring significant legal effort to integrate decentralized platforms with traditional financial structures.

* EOS Hacker Runs Away with $2.07 Million EOS:
* Approximately $2.09 million worth of EOS, belonging to a hacker, was supposed to be blacklisted by the EOS arbitration group. This blacklist was intended to prevent the hacker from accessing or moving the stolen funds.
* However, a block producer named "games.eos" failed to correctly implement the blacklist, which required cooperation from all block producers.
* Due to this misconfiguration, the hacker's account was unlocked, allowing them to successfully withdraw the funds.
* This incident underscores that EOS is still in its early development stages. Some argue it's a failure of EOS's design (specifically its Byzantine fault tolerance), where one misconfigured participant can compromise a critical security measure. Others maintain that it's merely a sign of an immature system that still has kinks to work out.

* OKex Enables 5x Margin Trades:
* OKex, a cryptocurrency exchange, has introduced 5x leverage trading for its users.
* The presenter finds this move questionable, feeling it encourages gambling rather than responsible trading.
* The crypto market is extremely volatile, with prices capable of swinging by 20% in a matter of hours, which can quickly "wreck" a leveraged trade and lead to significant losses.
* The advice is to be extremely careful in this space, especially with high leverage, as the market's unpredictability can lead to rapid and complete loss of funds.

The video also briefly mentions Brave Software partnering with Tap Network to expand the utility of their Basic Attention Tokens (BAT), allowing them to be spent in more places, which is a positive step for crypto adoption. Lastly, the presenter expresses personal interest in the new Samsung Galaxy S10 phone due to its features and Apple's lack of immediate blockchain integration plans, hinting at a potential switch from iPhone to Android.

Transcript

Yo, what's up everyone and welcome back to Box Mining. So, you know, today we've got quite a fun episode. It relates to wallets, it relates to institutional investors. So make sure you guys stay till the end. And I think it's kind of funny because like initially when I started my cryptocurrency YouTube channel, I thought, you know, am I going to run out of cool, interesting stuff to say, especially if I talk about crypto on a daily basis. And today's a prime example of when crypto never fails t...

Yo, what's up everyone and welcome back to Box Mining. So, you know, today we've got quite a fun episode. It relates to wallets, it relates to institutional investors. So make sure you guys stay till the end. And I think it's kind of funny because like initially when I started my cryptocurrency YouTube channel, I thought, you know, am I going to run out of cool, interesting stuff to say, especially if I talk about crypto on a daily basis. And today's a prime example of when crypto never fails to amuse. So guys, let's go straight into it. This story would be hilarious if it wasn't for the fact that this vulnerability was so critical. So Coinomi Wallet, there's this article that appeared to say that this guy, Warref77, lost 60 to 70k of his life savings on Coinomi Wallet. And normally you think, okay, maybe it's just FUD. Maybe it's, you know, fake news. The interesting thing is this guy turns out to be a computer expert. So he used Fiddler. So this is a tool for tracking communication in and out of the wallet. And he found that this wallet sent the passphrase, his passphrase over to Google. So this may or may not be encrypted. But what happens is that this passphrase has complete control over control of his cryptocurrency. That includes, of course, withdrawing everything from his wallet. So that doesn't sound right at all. The fact is that this wallet seemed to have some sort of bug or flaw. Now, there is an official statement from Coinomi. So this is definitely not FUD. And what's interesting is that they're not denying this bug. The fact that it seems to be the case that the passphrase was sent to Google via a HTTPS transmission. So it's kind of secure. But why was it sent over to Google in the first place? And it turns out that they had a bad configuration with one of the wallet plugins. And they sent over this passphrase for a Google spellcheck. That's right. The same spellcheck that your grandma would use to check her new apple pie recipe. That spellcheck was being sent a passphrase that could contain user funds. I mean, this is just ridiculous. It's like the amount of oversight in planning this wallet is just insane. Now, in terms of panicking directly or not, it is secured by HTTPS. So technically, only Google can read that passphrase. Well, Google spellcheck can read a spellphrase. And we don't really know how secure those spellcheck servers are. I guess the redeeming, little bit redeeming fact is that this will only happen if you make a request to restore that phrase. So it doesn't happen all the time. But it just baffles me how this sort of error could happen. Like, what sort of $0.10 or $10 programmer do you have as a CTO who would overlook something as critical as this? The fact is that you should never, ever be able to leak one of these passphrases out to a third party, let alone Google spellcheck. And wallet manufacturers and makers need to make sure that funds are protected from the get-go. I mean, in terms of hardware wallets, Trezor, Ledger, whichever one you prefer. But, you know, stick with the older companies that have been around for a while. At least they have the reputation and even the programming know-how to properly secure it over time. This next bit of news is also quite hilarious. So one of the old institutions, Julius Baer, enters a partnership with SEBA Crypto AG to provide crypto to their customers. And this is quite interesting to read. So they're entering a partnership to take advantage of innovative platform and capabilities to provide Julius Baer clients with leading-edge solutions in the area of digital assets to meet an increasing demand. Okay, so what's funny? I mean, that's not too funny, right? But around a year ago, the same firm issued a stay away from Bitcoin and crypto. You know, all crypto is bad. And they even said this, Bitcoin and cryptocurrencies are immature technologies which face severe technological, e.g. cybersecurity governance, e.g. the power of miners on the blockchain network and regulatory hurdles. Yeah, the same guys, e.g. the same guys, just a year. You know, obviously because over this year, we fixed all the issues with technological cybersecurity and governments and that's why they're coming in. And no, these guys are definitely looking at crypto and they're just trying to suppress it one year and a half ago. And now they realize, and this is kind of symbolic of this current institutional demand. It does exist. And that's why these guys are scrambling to get on the crypto boat. And this pent-up institutional demand, it's not going to be immediate. It's not going to be hype. But what we do know is that this notion that crypto and blockchain can replace a centralized, overly controlled, poorly regulated banking sector, that notion used to be a joke. But now it's slowly setting into the minds of a lot of people in finance. And, well, we're slowly going to see them rise up to realize, well, yeah, well, why do we need the banks now? Why do we can do trustless value transactions ourselves? And in fact, we can write smart contracts to replace that middleman. In terms of other interesting times, we got a $66 million building being tokenized. So this is in part about, you know, these security tokens or tokenized securities. This is right now being done on the Ethereum blockchain. What we're going to see this year is more attempts to do this, to tokenize other digital assets other than just tokens and coins for crypto platforms, but real assets in real life. So this is actually quite a huge property, $65 million worth of property being tokenized and placed into ERC tokens, ERC-20 tokens. Now, this year is going to be a fight for that regulatory space. And I think, personally, I think it's going to be quite a long battle to fight, especially with the fact that it's expensive to get lawyers and to have this old institution bending over to see, oh, yeah, we can do it on a decentralized platform now. Next up, we have big news on the EOS front. So there's this $2.09 million of EOS, which was meant to be blacklisted. So it belonged to a hacker. And the blacklist was being placed by the arbitration group, which said, yeah, you know what? Significant evidence to lock up these funds to make sure that this hacker doesn't get away with stealing funds. So unfortunately, this new block producer, games.eos, they didn't set the blacklist correctly. And because it needed this kind of all these block producers to be cooperating with the blocklist, with this blacklist rather, unfortunately, this account got unlocked and the hacker got to withdraw their funds. So what does it say about EOS? It tells us exactly that EOS is pretty early on in the development stages. It's unfortunate that they weren't able to block this fund. We've got people on both sides saying, you know, EOS failed to build a Byzantine fault tolerant blacklist, stating that, well, you know, one bad player or one misconfigured blacklist can trigger this entire account to be unlocked. Oops. But the other flip side, as you can see, well, you know, EOS is still very early on in the development. So it really depends on which view you take on EOS. On to other stuff, Brave Software, they partner with Tap Network to put essentially allowing Brave to be spent on more areas. And I think we're going to see this more often, just crypto being able to be spent on other places. So good for Brave. We also have OKX. They're doing five times leverage. I kind of laughed when I saw this. I'm like, you know, do we really need to encourage people being leveraging more? I mean, that's just turning crypto into a whole gambling casino. And crypto is just so crazy, guys. I mean, in fact, every single price can go up 20% in a Bitcoin, Ethereum, you name it. And then it can just drop back down. So in a space of a few hours. And that could potentially completely wreck your trade. So just be really careful in this space, guys. And that's it for today's news update. So, yeah, today I'm actually kind of FOMOing into the whole Galaxy S10. It looks really cool. And, you know, Apple doesn't have any indication that they're going to do blockchain stuff soon. So maybe I'm going to switch my active phone to Android now, especially with that three camera setup. It looks really cool. So what are your thoughts on the Galaxy S10? Did you guys preorder one? Are you guys thinking of getting one? Or do you guys absolutely hate it? Leave a comment in the comment section below. I would love to know what you guys think. And guys, if you guys like news updates like this, remember to click up the like button to support this channel. Click subscribe. And also the notification bell button really matters now on YouTube. And guys, thank you guys so much for your support, guys. It's been a crazy last two weeks. Just really appreciate it. Thank you guys so much for watching. See you next time.