Are your customers leaving nasty online stains on your crypto business? Perhaps you’d like an authoritative opinion on your cyber-smear? In Cryptoland, the laundry business is thriving, and self-styled blockchain cyber-sleuths CipherBlade are here to help your company restore its reputation.

CipherBlade was, of course, the company that crypto exchange ShapeShift turned to in an effort to counter the allegations that it was facilitating money laundering after the Wall Street Journal did a nasty dump on its reputation. CipherBlade also provided ready redress when another crypto exchange, Bitbuy, asked for a security audit to establish it as a safe platform.

Now the blockchain investigators are using an extra-strong flavor of bleach to rescue beleaguered crypto-wallet provider Coinomi from a former user who accuses it of relinquishing responsibility for his missing funds.


But the trouble with really nasty stains is that they’re not so easy to eradicate, particularly if you only address half the smudge.

CiperBlade’s report, How (Not) To React When Your Cryptocurrency Is Stolen, published last week, is well-written and considered. It’s even entertaining, if you’re partial to a bit of forensic melodrama. But it can hardly be described as “independent,” as the investigation agency does. Coinomi paid for it, after all. Then again, the thorn in Coinomi’s side—one-man, Coinomi-hating campaign Warith Al Maawali—hasn’t made things easy for himself, or the wallet provider.

Warith’s wallet

Without a doubt, Coinomi is mightily inconvenienced by the actions of its former user.

He has besieged the wallet startup on social media and has even taken out a Google ad, which appears above Coinomi’s own Google listing—ouch.

His shaming campaign is to draw attention to his allegations that the wallet provider is responsible for the $70,000 which disappeared from his Coinomi account last February.


The possibilities discussed by the warring parties, about what could have happened and who is to blame, have already taken up masses of digital space. (For those who really want to know, check out Al Maawali’s newsletter—updated regularly—here and Coinomi’s official statement here, as well as Decrypt’s initial report here.)

The company’s less than transparent structure—its use of a nominee director with links to scores of shell companies—is designed to keep the team shielded, based on the nature of its work.

Suffice to say, then, that the main thrust of Al Maawali’s allegations is that when he entered a seed phrase for wallet recovery into the Coinomi desktop wallet, the app sent the text of that seed phrase to the Google API for spell-checking in clear text. This, he says, is what caused his loss of funds.

Immediate investigation

CipherBlade’s report, however, paints a different picture. And while it raises pertinent questions, the report largely focuses on criticisms of the alleged victim and his actions.

Its main finding is that Al Maawali is to blame for “the situation,” which is “highly illustrative of wrong-headed and unproductive cryptocurrency theft victim behavior.”

CipherBlade’s pronouncement is that malware infection is the likely cause of the loss of the funds. Yet it also devotes a large chunk of the document to arguing that a mixing service, to disguise the provenance and destinations of funds, was responsible—that would presumably indicate a more premeditated attack.

Nevertheless, Coinomi admits that there were some issues with its system, which it claims it moved swiftly to address.

In moving to closed source code in 2018, Coinomi removed some of the assurances afforded to users on open-source systems, which allow them to review code to ensure it is free of bugs, according to independent security specialist and CEO of Guidepost Solutions, Julie Myers Wood.

However, Wood believes that the wallet provider took the actions that were to be expected in this situation. “It appears that Coinomi performed an immediate investigation upon being informed of the incident,” she said, adding that its subsequent engagement of CiperBlade is also “expected.”


Independent investigator

But CipherBlade’s credentials in examining such cases have been previously called into question.

In the aftermath of the ShapeShift/WSJ kerfuffle, CipherBlade was confronted with a series of allegations over perceived biases, curious connections to “hundreds of shell companies,” and supposed business ties to ShapeShift itself.

CipherBlade CEO Rich Sanders brushed aside the smears as “tin-foil hat” nonsense in an interview with Decrypt in March. And CipherBlade analyst Matt Greene explained that the company’s less than transparent structure—its use of a “nominee director” with links to scores of shell companies—is designed to keep the team “shielded,” based on the nature of its work.

The company’s detractors, however, may not find much to dissuade them in those answers.

Law enforcement

Nevertheless, CipherBlade’s report on the Coinomi affair prepares the ground for what should be the next stage of the inquiry, with its recommendation “to involve law enforcement agencies as soon as possible who can expect cooperation and obtain records from Google.”

When pressed on this point, Al Maawali told Decrypt that, actually, he’s already contacted a range of authorities in the U.K., where Coinomi is headquartered. They included the U.K.’s data watchdog, the Information Commissioner’s Office and the Foreign and Commonwealth Office, which promotes the U.K.’s interests overseas. He also said he had alerted the FBI, local authorities in Oman, where he lives, and the exchanges involved.

He is adamant that his job is not to find the person who stole his cryptocurrency assets, but to sue Coinomi for his loss, and is content to bide his time: Lawyers advised him that if the Commissioner’s Office confirms the case as a data breach, it would then be eligible as a "no win, no fee" case. He is thus awaiting the watchdog’s verdict, expected within weeks.

As Al Maawal’s argument centers on the Coinomi Google API, any data which can be retrieved from the world’s biggest search engine is central to his case. He maintains that only Coinomi can request this and claims that the wallet provider’s “don't have the leverage to force Google to investigate because they violated their terms.”


To verify that and perhaps more, the answer is obvious: Ask Google.

Stay on top of crypto news, get daily updates in your inbox.