January 22, 20183min750

IOTA wallets were hacked

IOTA wallets were hacked, they stole Millions. Individuals have been left with emptied wallets due to malicious websites providing users with a new wallet seed.

Two days ago, many users reported having their funds in their IOTA wallets stolen from an unknown source. The cause? Online seed generators. The damage is estimated on around $4million. Online seed generators for IOTA are websites that provide users with a quick solution to generate a new seed for their IOTA wallet.

When you create your IOTA wallet you have to create 81-character seed rather than generation being baked-in. There are workarounds as outlined by the HelloIOTA website. It includes using an IPFS seed generator or creating a key using either the Mac or Linux terminal.

The top hit for online seed generation for IOTA wallets has since taken down its website. It left a message simply stating “Taken down. Apologies.”. The generator would require viewers to move their mouse around to “generate randomness,” and then provide a seed that fit the requirements of an IOTA wallet. It also provided a version of the seed encoded as a mnemonic phrase as well.

According to a blog post from a Network member – Ralf Rottmann, the attackers deployed a DDoS attack against popular IOTA fullnodes. They left victims of the hack unable to rescue any of their funds:

The attackers knew the seeds. You invited them into your wallet, by handing them your keys on a silver platter. The community of fullnode operators is discussing various strategies to better protect public community nodes from this specific and similar DDoS attacks in the future.

The IOTA community has been quite clear about online seed generators. They encouraged users to change elements of the seed in order to prevent any vulnerabilities. They have also been repeatedly pointing to the fact that the vulnerability has nothing to do with IOTA’s technology and rather just seed generating services.

IOTA has gone through a bit of drama in a past few months. Especially with their Microsoft partnership clarification after a botched press cycle and patched vulnerabilities found back in the fall. In October, the IOTA team also took custody of at-risk funds due to another vulnerability with the use of a snapshot.

Although quite ambitious, the tangle seems to always be tangled up in controversy.

About us

We are the new economy news hub. 2100NEWS is the professional index, data, and tools provider in the digital asset space, offering Crypto Market Intelligence, providing the perspective you can trust and equipping you with information edge you need to stay ahead. (Real-time data of token issuers and news, analysis and commentary from community.) We are very excited to contribute to the evolution of the industry and build an ecosystem around our offering (the institutional-grade data infrastructure required to enable institutional investments in digital assets). We want our contributions (Contents and Tools on 2100NEWS.com) to be useful for helping investors.




    • ethereumEthereum (ETH) $ 3,113.45 0.1%
    • litecoinLitecoin (LTC) $ 83.77 0.36%