Each and every transaction from the app requires confirmation of your password before being sent. Your private keys are kept encrypted at all times with your chosen encryption method (Password / Biometric / Both), so even if the app wanted, it would not be able to decrypt the keys without the password.
Unauthorized transactions can only be made by:
- someone who has access to your seed phrase or
- someone with access to your device and knows your password.
There is no other way. You can read about Coinomi's security here.
First steps:
- If you still have remaining balances in the wallet you need to move them to a new phrase immediately to ensure these are not taken by the same person who made the other transactions.
- Check how you store your Recovery Phrase backup. If you store it electronically in any way (on text file in your computer, in an email or instant message sent to yourself, as a screenshot saved in your album), your account on the service where it is stored was most likely hacked.
- After finding and fixing the cause of the compromise, it may be safe to create yet a new Phrase that you are now sure is secure, and move funds again to it.
- Never use the compromised Phrase again. Any new transactions to it are at risk of being stolen again.
If you would like us to look into the transactions to see if we can spot any obvious issues / mistakes. Please open a ticket at https://coinomi.freshdesk.com/support/tickets/new and provide as much detail as possible so we can take a look
For any questions about this guide please open a live chat directly in the app or on this site so we can answer these for you. We promise the fastest response time in the industry.