Below is a comprehensive analysis of Coinomi Wallet based on the requested criteria, using available information and critical evaluation. The analysis covers online complaints, risk assessment, website security, WHOIS lookup, IP and hosting, social media, red flags, regulatory status, user precautions, and potential brand confusion.
Trustpilot Reviews: Coinomi has a 4-star rating on Trustpilot based on 850 reviews as of March 2025. Most users praise its user-friendliness, security, and wide asset support. However, some negative reviews highlight issues such as:
Difficulty transferring certain cryptocurrencies (e.g., Solana) when restoring wallets on new devices, with users reporting funds disappearing despite correct seed phrases and BIP39 passwords.
Complaints about unresponsive or unhelpful customer support, with users feeling dismissed when reporting issues.
A 2019 incident where a user claimed to lose $60,000-$70,000 in crypto due to a vulnerability (discussed below).
Specific 2019 Vulnerability: A security consultant, Warith Al Maawali, reported that Coinomi’s desktop wallet sent unencrypted seed phrases to Google’s spellcheck API, leading to the theft of 90% of his crypto assets between February 14-19, 2019. Coinomi acknowledged the bug but claimed it was limited to desktop wallets, fixed the same day it was reported, and argued the requests were encrypted and not processed by Google. The user demanded 17 BTC compensation, which Coinomi labeled as blackmail. No other similar incidents were reported, but the event damaged trust.
Other Complaints: Some users on platforms like Reddit and Cryptogeek reported funds disappearing (e.g., 12,000 USDT) or node disconnections without warning, suggesting potential stability issues. These are isolated but raise concerns about reliability.
Analysis: While Coinomi enjoys a generally positive reputation, the 2019 vulnerability and scattered complaints about lost funds and poor support are concerning. The 2019 incident, though resolved, indicates a past lapse in security practices. The Solana syncing issue suggests potential software bugs that could affect specific assets.
No confirmed hacks of Coinomi wallets since its inception in 2014, per the company’s claims.
Non-custodial wallet, meaning private keys are stored locally on the user’s device, reducing the risk of centralized breaches.
Strong encryption, hierarchical deterministic (HD) wallet structure, and privacy features like no KYC, IP anonymization, and no address reuse.
Supports over 125 blockchains and 1,770+ assets, making it versatile.
Risks:
The 2019 vulnerability exposed a significant flaw in the desktop wallet, raising questions about past quality control.
Complaints about lost funds (e.g., Solana, USDT) suggest potential syncing or compatibility issues with certain assets.
Coinomi is now closed-source, limiting community scrutiny of its code, unlike its earlier open-source days.
No hardware wallet integration, which could be a drawback for users seeking maximum security.
Physical security risks if users do not secure their seed phrases or devices properly, as with any non-custodial wallet.
Analysis: Coinomi’s non-custodial nature and privacy focus lower centralized risks, but the 2019 incident, closed-source status, and recent complaints elevate the risk to moderate. Users must exercise caution with seed phrase management and device security.
SSL/TLS Certificate: The website uses a valid Let’s Encrypt SSL certificate, ensuring encrypted communication. Verified via SSL checker tools.
HTTPS: All pages are served over HTTPS, reducing the risk of man-in-the-middle attacks.
Content Security Policy (CSP): Limited information on CSP headers, but no reported vulnerabilities related to cross-site scripting (XSS) or injection attacks.
Subresource Integrity (SRI): No specific data on SRI for scripts, but the site uses reputable CDNs (e.g., Cloudflare) for static assets, reducing tampering risks.
Cookies and Tracking: The privacy policy states minimal data collection (e.g., anonymized analytics, no IP logging). No intrusive trackers were detected via browser inspection.
Vulnerability Scans: No recent vulnerabilities (e.g., SQL injection, XSS) reported on the website per web scans. However, the 2019 incident suggests past oversight in desktop app security, which could reflect on broader practices.
Analysis: The website employs standard security practices (SSL, HTTPS, minimal tracking), but the lack of transparency on advanced measures like CSP or SRI and the 2019 incident warrant caution. Regular security audits are recommended.
Registrant: Redacted for privacy (common practice to prevent spam/phishing).
Name Servers: linda.ns.cloudflare.com, woz.ns.cloudflare.com
Status: clientTransferProhibited (prevents unauthorized transfers).
Analysis: The domain is legitimately registered, with privacy protection standard for crypto-related businesses. The use of NameCheap and Cloudflare name servers aligns with industry norms. No red flags in WHOIS data.
IP and Hosting (sourced from hosting analysis tools):
IP Address: 104.26.14.191 (associated with Cloudflare)
Hosting Provider: Cloudflare, Inc.
Location: United States (based on Cloudflare’s global CDN)
Server Type: Cloudflare’s content delivery network (CDN) with DDoS protection and caching.
Reverse DNS: No specific reverse DNS issues identified.
Security Features: Cloudflare provides firewall protection, DDoS mitigation, and WAF (Web Application Firewall), enhancing site resilience.
Analysis: Hosting via Cloudflare is a strong choice, offering robust security and performance. No hosting-related vulnerabilities were identified. The use of a CDN aligns with Coinomi’s global user base.
Telegram: Official group managed by COO Angelos Leoussis, though there have been past accusations of dismissive responses.
Other: LinkedIn, Facebook (less active but verified).
Red Flags:
In 2019, Coinomi allegedly deleted tweets acknowledging the unsigned main executable issue, suggesting attempts to suppress criticism.
Some users reported dismissive or unhelpful responses on Telegram and Twitter during the 2019 incident and other support queries.
Analysis: Coinomi maintains an active social media presence, but past behavior (e.g., deleting tweets, dismissive support) raises concerns about transparency and customer relations. Recent activity appears more professional, but users should verify support interactions.
2019 Vulnerability: Sending unencrypted seed phrases to Google’s API was a critical flaw, even if limited to desktop wallets and quickly patched. The incident suggests historical lapses in security testing.
Closed-Source Code: Transition to closed-source limits community verification, increasing reliance on Coinomi’s internal audits.
Complaints of Lost Funds: Reports of disappearing Solana and USDT assets, though not widespread, indicate potential bugs or syncing issues.
Support Issues: Negative reviews cite unhelpful or slow support, particularly for complex issues like fund recovery.
No FCA Regulation: Coinomi is not registered with the UK’s Financial Conduct Authority (FCA) as a cryptoasset provider, unlike some competitors (e.g., CoinJar).
Physical Security Risks: As a hot wallet, Coinomi is vulnerable to device compromise if users fail to secure their seed phrases or devices.
Analysis: The 2019 incident and closed-source status are the most significant red flags, alongside isolated but concerning reports of lost funds. While Coinomi has a strong track record, these issues suggest users should proceed cautiously.
Transparency: Privacy policy is clear, stating no user data collection beyond anonymized analytics. However, no detailed security whitepaper or audit reports are publicly available.
User Experience: Clean, multilingual interface (25+ languages) with download links for Android, iOS, Windows, Mac, Linux.
Analysis: The website effectively communicates Coinomi’s features and privacy focus but overstates its “never hacked” claim given the 2019 incident. Lack of detailed security documentation or third-party audits is a gap compared to competitors like Ledger.
Company: Coinomi Ltd, registered in the British Virgin Islands (BVI) since 2014.
Regulation:
Not registered with the UK FCA as a Cryptoasset Exchange Provider or Custodian Wallet Provider, unlike some peers (e.g., CoinJar).
BVI registration offers lax regulatory oversight, common in crypto but less reassuring than jurisdictions like the UK or EU.
No KYC requirements, aligning with privacy focus but potentially attracting scrutiny in regulated markets.
Compliance: No reported sanctions or legal actions against Coinomi. Partnerships with Simplex and Changelly suggest some vetting by third parties.
Analysis: Coinomi’s BVI registration and lack of FCA oversight are typical for privacy-focused crypto firms but increase regulatory risk in stricter jurisdictions. Users in regulated markets should be aware of potential compliance gaps.
Secure Seed Phrase: Store the 12-word seed phrase offline (e.g., on paper or metal) in a secure location. Never enter it into untrusted devices or software.
Use a Dedicated Device: Install Coinomi on a secure, malware-free device. Avoid rooted/jailbroken devices or shared computers.
Enable BIP39 Passphrase: Add an extra passphrase for additional security during wallet recovery.
Test Restores: Verify wallet restoration on a secondary device with small amounts before transferring large sums.
Update Regularly: Keep the Coinomi app updated to patch bugs (e.g., Solana syncing issues).
Avoid Public Networks: Do not access Coinomi over public Wi-Fi or unsecured networks.
Consider Cold Storage: For significant holdings, use a hardware wallet (e.g., Ledger, Trezor) instead of or alongside Coinomi.
Monitor Transactions: Regularly check balances and transaction history for unauthorized activity.
Backup Data: Manually back up wallet data (excluding automated cloud backups) to prevent loss.
Verify Support: Only contact Coinomi via official channels (e.g., support@coinomi.com, verified social media) to avoid phishing scams.
Analysis: User diligence is critical due to Coinomi’s non-custodial nature and past issues. Combining Coinomi with a hardware wallet for large holdings is advisable.
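The "Enable BIP39 Passphrase" and "Test Restores" precautions interact: under the BIP39 standard every passphrase is valid, so a typo at restore time produces a different, empty wallet rather than an error. The sketch below is an added example, not Coinomi's code; it uses the public BIP39 test-vector mnemonic as constructed input, and `seed_fingerprint` is a hypothetical helper standing in for whatever wallet identifier is noted at backup time.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample input; never fund it).
SAMPLE_MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = " ".join(unicodedata.normalize("NFKD", mnemonic).split())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)

def seed_fingerprint(mnemonic, passphrase=""):
    """Hypothetical 8-hex-digit tag recorded at backup and compared at restore."""
    seed = bip39_seed(mnemonic, passphrase)
    return hashlib.sha256(b"restore-check:" + seed).hexdigest()[:8]

def matching_passphrases(mnemonic, candidates, expected_fp):
    """Return the candidates that rebuild the wallet recorded at backup time."""
    return [p for p in candidates
            if hmac.compare_digest(seed_fingerprint(mnemonic, p), expected_fp)]

if __name__ == "__main__":
    recorded = seed_fingerprint(SAMPLE_MNEMONIC, "TREZOR")  # noted at backup time
    # Case changes, a trailing space, or omitting the passphrase all "succeed"
    # silently but derive a different seed, hence different addresses.
    for attempt in ["TREZOR", "trezor", "TREZOR ", ""]:
        fp = seed_fingerprint(SAMPLE_MNEMONIC, attempt)
        same = hmac.compare_digest(fp, recorded)
        print(f"{attempt!r:10} -> {fp}  {'same wallet' if same else 'DIFFERENT wallet'}")
```

Run the comparison only on the trusted device that already holds the seed; the mnemonic and passphrase should never be typed into a general-purpose machine just to test them.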
Similar Names: No direct brand confusion with other major wallets (e.g., Trust Wallet, Exodus), but generic crypto wallet terms like “Coin” or “Wallet” could lead to confusion with lesser-known or scam apps.
Phishing Risks: Fake Coinomi apps or websites mimicking https://www.coinomi.com/ could deceive users. Always download from official sources (Google Play, App Store, or coinomi.com).
Lookalike Domains: No reported typo-squatting domains (e.g., coimoni.com), but users should verify URLs carefully.
Social Media Impersonation: Scammers may create fake Coinomi accounts on Twitter/X or Telegram. Stick to verified handles (@CoinomiWallet).
Analysis: Brand confusion is a low risk, but phishing and fake apps are common in crypto. Users must verify sources and avoid unofficial downloads or links.
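"Verify URLs carefully" can be automated on the defender's side, for example in a mail filter or link checker. The following added example (not from Coinomi or the original analysis) classifies a hostname against the official domain named above; the confusable-character map, the distance threshold of 2 and the sample hostnames are assumptions chosen for illustration.

```python
import unicodedata

OFFICIAL = "coinomi.com"          # official domain named on this page
BRAND = OFFICIAL.split(".")[0]
# Constructed map of digits commonly substituted for letters (assumption).
CONFUSABLES = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})

def skeleton(label):
    """Lower-case, strip accents and fold digit look-alikes to letters."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return plain.translate(CONFUSABLES)

def osa_distance(a, b):
    """Optimal string alignment distance (edits plus adjacent transpositions)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # swap of two neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, max_distance=2):
    """Return 'official', 'unrelated' or a 'suspicious: ...' reason."""
    host = domain.lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    for label in host.split("."):
        if label.startswith("xn--"):
            return "suspicious: punycode label"
        folded = skeleton(label)
        if BRAND in folded:
            return "suspicious: brand embedded"
        if osa_distance(folded, BRAND) <= max_distance:
            return "suspicious: near-miss spelling"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample hostnames, including the typo example from the text.
    for d in ["www.coinomi.com", "coimoni.com", "c0inomi.com",
              "coinomi.com.login.example", "example.org"]:
        print(f"{d:28} {classify(d)}")
```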
Strengths: Coinomi is a versatile, non-custodial wallet with strong privacy features, no confirmed hacks since 2014, and support for 1,770+ assets. Its website is secure, and hosting via Cloudflare is robust.
Weaknesses: The 2019 seed phrase vulnerability, closed-source code, complaints of lost funds, and lack of FCA regulation raise concerns. Support issues and past transparency lapses add to the risk.
Risk Level: Moderate, due to historical issues and isolated complaints, but mitigated by non-custodial design and privacy focus.
Recommendation: Coinomi is suitable for users prioritizing privacy and multi-asset support, but caution is needed. Secure seed phrase storage, device hygiene, and regular updates are essential. For large holdings, pair with a hardware wallet.
Final Note: Always conduct independent research and consult financial advisors before using any crypto wallet, as cryptocurrencies are high-risk assets.
Powered by FinanceWiki AI Some content is AI-generated and for reference only; it is not investment advice.