Third Statement

Overview

Coinomi was very desperate to improve its public image after its “Spell Check” scandal, especially when their cheap social media tactics failed. They literally hired a third party to vouch for them and prove that my case against them was wrong. We already know by now Coinomi is cheap (check my previous statements) and they went further this time and hired a company by the name of CipherBlade to “launder” their mess. Please bear with me and read the entire statement so that you understand what I mean by “cheap”. As a starter, let me tell you that CipherBlade is barely a new company that didn’t complete even a year in the business with no background or history!

In their report, CipherBlade has concluded that my funds were stolen because my machine probably had malware and it had nothing to do with Coinomi’s “Spell Check” hidden feature that sent my seed/passphrase to a third-party in clear text. CipherBlade kept repeating that they are unbiased and they don’t favor Coinomi’s side over me, but in reality they ignored many facts and tried to mislead the community as Coinomi did. In fact, CipherBlade has challenged me in their report, so how unbiased is that?! Moreover, CipherBlade did not contact me or verify any information related to my point of view. So I wonder how they are not favoring Coinomi's side over me?! Anyone with common sense can see clearly how hard CipherBlade is trying to launder Coinomi's public image as they did previously with ShapeShift.

A Reminder

First of all, let me remind you of the following tweet that Coinomi posted after my first statement:

Blockchain Analysis Firm Feedback

They stated that they hired a Blockchain analysis firm and they confirmed the funds were NOT stolen. I wonder, was it CipherBlade? How come that they now state it was stolen? Coinomi also stated in their support ticket (before things went public) that they were working with their partner "Chainalysis" (another Blockchain analysis firm) and they are going to blacklist these addresses, but in reality, nothing was blacklisted after I contacted several exchanges and confirmed it. So what did Chainalysis say about the incident? Or were they trying to take advantage of Chainalysis brand name to obtain trust and cover their mess? Coinomi also stated in their official statement that they have contacted Google, but there is no update regarding their claim since 27th February:

Moreover, they accused me of blackmailing them. In other words, I sent the stolen crypto-currency to myself and blamed them for my loss. So how come now they change their story and confirm that the funds were indeed stolen? What I'm trying to imply is that Coinomi is full of lies and contradictory statements. They spread false facts to mislead the community and hire companies and individuals to support them.

Making Things Clear

CipherBlade was hired by Coinomi to write the report, and they clearly stated that in their report:

It's funny to see how they select the phrases to make things much more pleasing. They used the phrase “we were compensated for our time” which actually means we got paid to write the report. It's obvious that CipherBlade was favoring one party over the other, otherwise, what's the purpose of Coinomi spending money for a non-guaranteed report favoring their side and influenced by them? Moreover, CipherBlade ignored all my solid facts and evidence in my first and second statements. They based their report just on assumptions with no solid facts such as the cause of my loss was a malware infection. They ignored solid proof that my seed/passphrase was sent to Google, and Coinomi is legally obliged to communicate with Google and start an investigation. Instead, CipherBlade ignored that fact because obviously, it does not support Coinomi's position in this case.

CipherBlade kept implying multiple times in their report that I should report the incident to law enforcement agencies as theft rather than filing a legal case against Coinomi. I have emphasized numerous times on social media that my job is not to find the person who stole my crypto-currency assets. My job is to sue Coinomi for my loss because their software had a hidden feature that was not mentioned in their documentation nor in their terms of use which sent my seed/passphrase to a third-party server. I didn't use Google API services directly, I simply used Coinomi's wallet, which had a feature that sends your seed/passphrase to Google servers. Therefore, Coinomi is legally responsible for contacting Google and finding the criminal. For example, when an exchange gets hacked and users' funds get stolen, do the affected users file a case against the exchange or against the person who hacked the exchange? Of course, it will be the exchange because they trusted the exchange to keep their funds safe and that's exactly what all Data Breach laws in the UK and Europe are all about. It seems that CipherBlade has zero knowledge about Data Breach laws, and yet they claim they know how to proceed with legal actions and give legal advice.

Ironically, CipherBlade claims that they are a cyber-security firm and yet they did not acknowledge even once in their report that the "Spell Check" bug was a CRITICAL vulnerability. For that reason, I nominate CipherBlade as the best cyber-security firm you can hire for your organization ever (pun intended).

CipherBlade’s Report

When you hear about a case study report written by a so-called blockchain analysis firm, you would expect something technical with substantial evidence. But in CipherBlade's case, the full report was focusing on claiming negative arguments against me and acknowledging positive points towards Coinomi with just assumptions. The report seems written by a law firm to defend its client (or written by Coinomi). Most of the arguments that they raised have been addressed in my first and second statements. In this part, I will highlight and quote some of the false arguments that CipherBlade used in their report to endorse Coinomi's position positively. Quoting from CipherBlade’s report:

This is a clear example of how CipherBlade is contradicting itself. They confirm that digital signatures are used to approve that a file is indeed created by the original developer and has not been tampered with. In Coinomi's case, the main executable files were not digitally signed, and this makes my point valid. CipherBlade also claims it's nearly impossible for a digitally signed installer file to contain a malicious executable file. To be honest, that's one of the worst statements I have ever read, and it clearly shows how CipherBlade lacks technical and cyber-security knowledge specifically. They are basically saying a digital signature prevents malicious files from being deployed!

A digital signature is used to build trust between the developer and the user. If for any reason the digital signature certificates get compromised, then the attacker can digitally sign malicious files on behalf of the original developer. Another scenario is when an attacker manages to modify one of the executable files before the building process or creating the final setup or installer file. Below is a real story on how a "digitally signed" application had a backdoor:

Powerful backdoor found in software used by >100 banks and energy cos.

Now let me drop one final bombshell to end this argument. Why did Coinomi delete the following tweet where they confirmed the missing digital signature? Doesn't that raise suspicion?

Screenshot of the tweet

Link to the original tweet

Moving to the next statement:

I have addressed this argument in my second statement in detail and explained why I was probably one of the few first victims. I have stated a fundamental fact that the desktop wallet was barely new (less than 3 months old) and provided other facts which you can read here:

Second Statement: Patient Zero

There were also several reports of stolen funds of users who used Coinomi's wallet before and after my incident. This can be due to the same vulnerability, probably another backdoor in Coinomi's wallet or users' lack of security precautions. But in my case, it was apparent how my crypto-currency assets got stolen because of Coinomi's "Spell Check" hidden feature. Calling my solid fact a "hypothesis" is another misleading statement. I have already explained in detail in my second statement how Google clearly declares that it treats invalid requests that are sent to their API server with special care, and you can find the details here:

Second Statement: Legal Implications

Moving on to the final quote in this part:

CipherBlade claims that the possible cause of my stolen crypto-currency assets is malware that monitors the computer's clipboard. Once more, it's just an assumption that I have already addressed in my video response. As I have stated in the video, Coinomi was installed on an isolated virtual machine. Both my main machine and the virtual machine have an Anti-Virus/malware application installed. To be more specific, both machines have SpyShelter installed. SpyShelter is an advanced Anti-Spyware with Host Intrusion Prevention System (HIPS). It detects the behavior of the application, regardless of being malware or not. It has a clipboard protection feature where it warns the user of any application that tries to capture the clipboard. You can read about the feature on their website:

https://www.spyshelter.com/clipboard-protection/

Moreover, I have copied and pasted from my password manager several passwords related to other crypto-currency wallets, bank accounts, PayPal, Amazon, eBay, and many more during the past 5 years. Nothing was compromised or stolen, and yet the only thing that was stolen is the wallet that I pasted my seed/passphrase in which is Coinomi's wallet. Therefore, I'm calling out CipherBlade to enlighten me with their cyber-security wisdom.

The So-called Blockchain Forensics

Once again, I like how CipherBlade uses phrases like "Blockchain Forensics" to exaggerate their expertise and market their service. What they did is called "Blockchain Visualization" and anyone with average Blockchain analysis skills and knowledge can do better than that. In fact, I was able to get better visualization and data using free and open-source tools such as revealing some IP addresses and email accounts linked to some of the addresses involved in this chain of transactions. I will start quoting their so-called “Blockchain Forensics”:

Once again, CipherBlade is contradicting itself. They stated earlier that the cause was probably due to malware that monitors the computer's clipboard, but now they changed that into a keylogger after analyzing ETH transactions. I wonder how they were able to convert the Blockchain visualization diagram into a malware characteristics conclusion! They are probably using some sort of elite NASA technology (they should apply for a patent). I'm honestly not sure how they came to that conclusion! Therefore let's raise some valid questions to CipherBlade:

Did they provide any solid proof that links these addresses to any known malware?

The answer is clearly NO.

Did they provide any solid proof that these addresses belong to other victims?

The answer is clearly NO.

Furthermore, they supported their claim with a graph that clearly shows the characteristics of a "mixing" service. Apparently, CipherBlade has never heard of or understood how a mixing service works. The other addresses they claim to be for other victims are possibly addresses of other people (whether criminals or not) who used the mixing service. It can also belong to the mixer's addresses pool to fund the Consolidation Wallet and make things more difficult to trace. Each mixing service provider works differently than the other, and each has its own characteristics. Some make things harder to trace, and some are more traceable than others, but most of them fund your new wallet address with coins not involved in the mixing process, and they take all the risk. Below is a simple illustration taken from an existing mixing service (reference removed to avoid the accusation of promoting illegal services):

On the other hand, when CipherBlade analyzed BTC transactions, they came to the conclusion that these transactions reflect mixing service characteristics:

So the obvious question is, how come the same entity which stole my crypto-currency assets is characterized as malware in ETH transactions and characterized as a mixing service in BTC transactions based on CipherBlade's analysis? Isn't that contradictory as usual? Moving to the final quote in this part:

This statement hilariously made me speechless. What they are trying to say is that a crypto-currency thief should make a single or a direct transaction to move the stolen funds. That probably would be the most idiotic thief you would ever encounter in your life. The obvious thing that any crypto-currency thief would do is to find a way to make the stolen assets untraceable, and the simplest option is to use a mixing service.

Who The Hell Is CipherBlade?

The Challenge

CipherBlade has challenged me to upload an image of my virtual machine for Digital Forensics analysis to prove whether my machine was infected with malware or not. My common sense tells me why I should not trust a business that is registered on papers only with my data. Anyhow, I liked the concept of the challenge, so let's include Coinomi in the challenge and make the rules fair for both parties:

Another trusted reputable third-party with solid backgrounds will be hired to do the Digital Forensics.

The fees required to do the Digital Forensics will be transferred to a trusted escrow service.

If the results of the Digital Forensics concluded that my machine was clean of malware, then Coinomi will pay the fees and take full responsibility to refund my stolen crypto-currency assets (17 BTC or what is equivalent to it). Otherwise, I will be responsible for covering the Digital Forensics fees.

To make things more interesting, I have a small challenge for CipherBlade. They implied multiple times in their report that it would be reasonably easy to track down the person who stole my crypto-currency assets if proper procedures had been followed. Therefore I give them full permission to recover all of my crypto-currency assets, and they get 25% of anything they recover as a bounty. At least they can later update their website and state that they were able to recover hundreds of thousands of dollars (pun intended).

Privacy Violation

CipherBlade has violated my privacy by publishing my personal crypto-currency wallet addresses without my consent (I have never mentioned my addresses publicly). These addresses are considered private information, especially in my case, which involves illegal activity and should be only available to the authorities and the parties involved in the case. It's just another clear example of how CipherBlade lacks professionalism and more importantly knowledge about laws that govern privacy and data breach. Therefore, this incident will be reported to the Information Commissioner's Office as a privacy violation.

Final Thoughts

I believe after all the facts that I have listed, we can come to the conclusion that CipherBlade is your typical one-man show offshore company that is operated through a suspicious chain of shell companies. Their business model depends on profiting from people's loss and cleaning the mess of other companies by writing the so-called blockchain analysis reports. They got involved with Coinomi to profit from writing the report and gain publicity by deceiving the community with false facts that they have solved this controversial case. In reality, their report backfired on them and set the last nail in their coffin. On the other hand, I'm glad that Coinomi started to suffer financially by paying for an external report that backfired and gained them zero acknowledgments. Their next step is probably going to be hiring a prostitute to come on camera and say that I sent her the stolen crypto-currency assets!

Info

To discuss this subject on reddit click here

To discuss this subject on bitcointalk.org click here

To discuss this subject on Twitter click here

To watch my official video response to Coinomi’s click here

Further updates will be posted through social media channels (@warith2020), (@avoid_coinomi) and if required will be posted here.