IOTA Halts Network as It Investigates Trinity Wallet Attack
Transactions have been suspended temporarily Mike Dalton Feb.14, 2020
IOTA has shut down its network in order to deal with an ongoing attack against its Trinity wallet, according to an announcement published on Thursday, Feb.13.Currently, #IOTA is working with law enforcement and cybersecurity experts to investigate a coordinated attack, resulting in stolen funds.To protect users, we have paused the Coordinator and advise users not to open Trinity until further notice.Updates: https://t.co/ME3Cvki3k9
— IOTA (@iotatoken) February 13, 2020
It is not clear how long the network outage will last.When IOTA first announced the attack on Feb.12, it merely advised users not to open or use the Trinity wallet.
The fact that the team is suddenly taking more drastic action suggests that the issue may not be resolved quickly.
In addition to shutting down the network, IOTA has been investigating the situation with law enforcement and cybersecurity experts.It has also used KYC information to reach out to victims.
Details of the Attack
This attack only affects Trinity, which was first released in July 2019 as a user-friendly wallet.
Though Trinity was audited by two cybersecurity firms, it seems likely that the software’s short lifespan caused researchers to overlook vulnerabilities.The team has suggested that early versions of Trinity may be to blame for the attack—though this has not yet been confirmed.
Naturally, IOTA has revealed very few details about the attack in order to prevent other attackers from carrying out the same exploit.
So far, IOTA has only suggested that attackers stole seeds, allowing them to recover wallets that Trinity users have already created.
IOTA has also revealed the scale of the attack.About ten victims are currently in contact with the team, and those victims likely account for half of all affected users.
Although very few wallets have been compromised, a large amount of money has been stolen.The team predicts that $300,000 to $1.2 million worth of IOTA has been stolen so far.
Interestingly, the protocol’s zero-fee approach provides a benefit: it is still possible to make data transactions during the network’s downtime, even though transactions with financial value are impossible.Other IOTA Controversies
IOTA’s security has been the topic of discussion before.Most famously, potential vulnerabilities in IOTA became a topic of debate in 2018, when IOTA developers and MIT’s DCI team began to dispute the security of IOTA’s hash function.
In an unrelated event, an attacker stole $11 million of IOTA in a phishing attack in 2018.The attacker essentially set up a fake website that distributed his own addresses as new addresses—a simple line of attack that is also common on address generators for Bitcoin and other cryptocurrencies.
IOTA’s availability is also a recurring issue: its network briefly shut down for 15 hours in December, though this shutdown was due to technical issues rather than a security threat.
With such a wide variation of issues, it is not clear if IOTA is more or less secure than other blockchain projects—but the fact that one of its flagship apps was attacked this week is not a good look.
Disclaimer
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc.makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website.
Decentral Media, Inc.is not an investment advisor.We do not give personalized investment advice or other financial advice.The information on this website is subject to change without notice.
Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate.
We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice.We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment.We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities..