A vulnerability was recently found in the multi-coin wallet, Coinomi, potentially threatening the privacy of its user base. More surprising, however, was the developer’s defensive response to the news.
The discovery was initially made by Luke Childs, who brought it to the attention of Coinomi developers on GitHub on 16th September 2017.
According to Childs, the wallet transmits its users’ transactions unencrypted to Electrum servers, without SSL — a standard security technology for establishing an encrypted link between a server and a client.
However, it soon became apparent that the developers were not keen to communicate with the online helper about the problem.
Thus, after a week without a response, Childs again tried to get Coinomi’s attention by posting about the issue on Reddit.
Coinomi Developers React Defensively
Two weeks later, Childs finally got a response from Coinomi, via their official Twitter page, but to his surprise, they seemed bitter about his activism.
Responding to a thread started by Luke, Coinomi’s official Twitter account criticized him for spreading fear, uncertainty and doubt (FUD), saying that he didn’t “even [wait] for a response by our team.”
The team also went on to say that there was “no excuse for that,” referring to Childs' apparent spreading of fear.
Furthermore, when Luke told them he had waited 11 days with no response before making the issue public, Coinomi called for him to apologize to its user base.
Childs, in turn, told the team to stop blaming him for their “fuck-up” and then disengaged from the conversation. Coinomi responded in kind by calling his efforts a “sham” before blocking him entirely.
Coinomi Then Attacks Jaxx
At one point during the kerfuffle, the official Twitter handle shamed Childs for leaking information that may have caused users to seek “inferior and insecure alternatives.”
This could have been an indirect jab at Jaxx — considering the wallet is likely Coinomi’s most visible competitor in the multi-coin wallet market.
Jaxx also came under fire recently when it was discovered that it stored its security PIN unencrypted.
This is something Coinomi used to its advantage, using the moment of weakness for negative advertising against Jaxx.