- Trinity wallet App, may have been compromised
- IOTA has had security issues in the past
The IOTA team has halted the coordinator and are currently investigating reports of a possible vulnerability in its Trinity wallet. The team has recommended that nobody open Trinity until further notice while they investigate the incident.
TRINITY WALLET APP, MAY HAVE BEEN COMPROMISED
IOTA, a blockchain project aimed at solving integration with the Internet of Things (IOT), has been either attacked or a vulnerability has been exploited in the Trinity wallet app. The foundation has recommended that users do not open Trinity, until they have found the cause of the exploit.
Trinity is a wallet that’s available for Mobile, Windows, and MacOS, so a wide variety of users could potentially be affected, however early reports have only tallied 10 victims. Half of the reported victims are in communication with the IOTA team.
The details regarding the incident are thin at the moment, but we do know that evidence is pointing towards recovery seed theft. It is unknown at present how the seeds could have been stolen. So far, no mobile users have been affected, only one Mac user has been affected and the rest of the victims were Windows Trinity users.14 BTC & 30,000 Free Spins for every player, only in mBitcasino’s Crypto Love Affair! Play Now!
The IOTA foundation is still investigating the reports, and will be releasing a full summary once they conclude the investigation. They cannot rule out other causes at this time.
If you have been affected, the team urges you to reach out via their Discord #help channel. They also have an official page with updates of the current investigation, here.
IOTA HAS HAD SECURITY ISSUES IN THE PAST
IOTA’s wallets have had security vulnerabilities in the past. Early implementations of IOTA’s wallet were reported to be unstable, and caused tokens to be lost or sent to incorrect addresses. Many early users had complaints, and the team responded by making a series of improvements to the wallet.
In another incident with a major security vulnerability, IOTA employed a self-rolled hash function which was criticized by a team of MIT researchers. The IOTA team denied the vulnerabilities found by the MIT team, and a flaming war ensued on social media.
IOTA corrected the cryptographic vulnerability shortly after, but it was commented on by independent cryptographic researchers. IOTA insisted MIT misrepresented the risks, as well as their findings.
In another incident with a malicious actor, a British hacker stole over $11 million in IOTA tokens and was apprehended by law enforcement. The IOTA foundation was able to recover almost all of the stolen funds, but still suffered a reputational hit on security vulnerabilities.
Despite Network Outage, IOTA Investors Continue to “HODL”
IOTA recently had to shut down its network due to an attack on its official wallet, Trinity. Despite the significance of the outage, a recent poll suggests that investors will not sell their holdings once the network is reinstated.
IOTA Holders Remain Positive
On Feb. 13, the IOTA Foundation was obligated to turn off the Coordinator, a system that checkpoints valid transactions, following a vulnerability exploit in its Trinity wallet.
Thus far, ten victims have been identified and the losses are estimated to be between $300,000 and $1.2 million worth of IOTA.
Due to the network outage, nobody can send or receive IOTA at the moment. Nevertheless, investors do not seem bothered about this fact.
Julian Hosp, co-founder of Cake DeFi and I-Unlimited, conducted a Twitter poll asking IOTA holders whether they plan to sell or hold their tokens once the network is back online. Out of the 1,610 respondents, 67.5% percent said they will continue to hold their tokens while only 32.5% showed their intent to sell.
A Twitter user under the pseudonym C4chaos affirmed that he will remain a “HODLer” and is currently waiting to move his tokens through the “seed migration tool.” He insisted that if IOTA is able to resolve this issue he would likely become a “perma bull” and buy more tokens in the event of a sell-off.
Along the same lines, another Twitter user said that “sellers are already gone, because they could’ve sold their IOTA at the exchanges.” He believes that those who kept their funds in the Trinity wallet are long-term investors and will continue to hold their tokens until their investments flourish.
Although IOTA holders appear positive, there is a high probability of a sell-off after the network is reinstated, according to Hosp.
A look at IOTA’s price chart could give a better idea of where this cryptocurrency could go if the selling pressure behind it increases.
Strong Support Ahead
Based on its 12-hour chart, IOTA is sitting on top of a significant support level presented by the 100-twelve-hour moving average (MA). If investors indeed rush to exchanges to sell their holdings once the network is back online, this hurdle could break pushing the price of this cryptocurrency down.
A candlestick close below the 100-twelve-hour MA suggests a move to the 200-twelve-hour MA, which could prevent the price of IOTA from a steeper decline. This support barrier is currently sitting at $0.23.
If the 200-twelve-hour MA fails to contain the fall, market participants could panic sell their tokens sending the price to $0.20 or $0.15.
Nevertheless, if the 100-twelve-hour MA continues to hold, the bearish outlook could be invalidated. A spike in buy orders could take IOTA to test the resistance given by the 50-twelve-hour MA. Breaking above this level could send this crypto further up to test the recent yearly high of $0.37.
It is worth noting that this is not the first time that the IOTA network has been halted. In December 2019, it was briefly shut down for 15 hours due to technical issues rather than a security threat. Following the incident, IOTA’s price appreciated over 16% .
Now, it remains to be seen how market participants will react once the network is fully functional.
IOTA HOLDERS URGED TO CHANGE WALLET PASSWORDS NOW
- MANY IOTA ACCOUNTS MAY BE COMPROMISED
- FULL REPORT PROMISED
After releasing an update for their compromised Trinity wallet, the IOTA Foundation is directing users to change their passwords. More steps will soon be announced to ensure funds are secure.
MANY IOTA ACCOUNTS MAY BE COMPROMISED
Last week the Iota Foundation stopped its network, the Tangle, after hackers stole funds from at least ten high-value accounts. The foundation soon tracked the vulnerability to the desktop version of Trinity.
The foundation states:
The foundation is confident that only users that opened desktop Trinity during the specific date range are at risk. Nevertheless, it has also released an update for the mobile wallet, and is calling on those users to change their passwords out of an “abundance of caution.”
The password change is only the first step in resolving this issue. Users will also need to acquire new seeds, which are the 81 character keys that hold Iota tokens on the Tangle. The foundation promises soon to release a seed migration tool to enable this process. The network will not be restarted until after the tool has been made available.
FULL REPORT PROMISED
The IOTA Foundation promises a full report on this hack. The vulnerability appears to be connected to MoonPay, a service recently integrated into Trinity that enables users to purchase IOTA directly from within the wallet. The MoonPay feature does not appear in the patched version.14 BTC & 30,000 Free Spins for every player, only in mBitcasino’s Crypto Love Affair! Play Now!
Regardless of the cause, this is a serious breach of the IOTA platform. Although it appears that the hackers did not compromise the core protocol, they may have acquired a large number of seeds. Thus, users that do not use the migration tool will remain vulnerable.
IOTA holders that have lost funds are encouraged to contact the foundation through its Discord channel. The foundation has stated that it is working on a remediation plan for the theft victims. It is unclear, however, if this plan will involve direct compensation or a chain reorganization. The foundation is also working with law enforcement to help locate the perpetrators.
This event is one of many incidents of theft that have become common in the crypto space. It is proof positive that blockchain technology remains a work in progress, and that even very secure platforms can be made vulnerable. Before this incident, Trinity had been independently audited and was widely considered extremely safe to use.
IOTA announces fix for the bug that caused the Trinity wallet hack, Twitter reaction mixed
- IOTA has said that it is making progress in the hack investigation and is taking the necessary steps to compensate the victims.
- The hack resulted in the theft of $1.6 million and IOTA was forced to take its Coordinator node offline to prevent further losses.
The IOTA team claims that they have created a patch for the vulnerability in the Trinity Wallet, which caused the recent hack, resulting in a loss of $1.6 million. Following the attack, IOTA’s Coordinator node went offline to avoid further theft.
Regarding the patch, IOTA reported:
We have also remediated the vulnerability in Trinity. The upcoming Trinity update will not function as a final transition tool, as we are still working on bringing the network back to full operation. If you have Trinity installed on your computer, we highly recommend you upgrade to this version when released.
IOTA has also disclosed that it is making progress in the hack investigation and is taking the necessary steps to compensate the victims. As per this Sunday’s update, they are building a real-time fund tracker as a part of an expanded toolset for the network.
Peter Todd:“To protect users, we have paused the Coordinator and advise users not to open Trinity until further notice.”
In case you were wondering if IOTA is centralized. It is. 100%
The IF’s response to this downstream vulnerability in a Trinity dependency has been nothing less than immediate, efficient and professional.
It is the nature of their response that will be remembered by the market, their partners and #IOTA adapters– not the hack.