Each and every transaction from the app requires confirmation of your password before being sent. Your private keys are kept encrypted at all times with your chosen encryption method (Password/Biometric/Combination of both), so even if the app wanted, it would not be able to decrypt the keys without the password.
Unauthorized transactions can only be made by;
- someone who has access to your seed phrase or
- someone with access to your device and knows your password.
There is no other way. You can read about Coinomi's security here.
If you still have remaining balances in the wallet you need to move them to a new phrase immediately to ensure these are not taken by the same person who made the other transactions. You can find information on moving to a new phrase here
If you would like us to look into the transactions to see if we can spot any obvious issues/mistakes. Please open a ticket at https://coinomi.freshdesk.com/support/tickets/new and provide as much detail as possible so we can take a look
For any questions about this guide please open a live chat directly in the app or on this site so we can answer these for you. We promise the fastest response time in the industry.