The IOTA Foundation has suspended its network on Wednesday following reports of a possible vulnerability of its Trinity wallet. The foundation has identified a dozen victims, and the total loss of IOTA tokens has estimated between 300,000 to 1.6 million dollars. IOTA investigated the situation with law enforcement and cybersecurity experts.
14 February, 2020 | AtoZ Markets – The IOTA team has halted the coordinator and is investigating reports of a possible vulnerability in Trinity wallet. The IOTA recommended that no one open Trinity until further notice while investigating the incident. It is yet unknown how long the network interruption will last.
The team suddenly takes more drastic measures, suggesting that the problem may not resolve quickly. In addition to closing the network, IOTA investigated the situation with law enforcement and cybersecurity experts. It also used KYC information to reach the victims.
IOTA Trinity Wallet Facing Vulnerability Issue
This attack only affects Trinity, which was first published in July 2019 as a user-friendly wallet. Although two cybersecurity companies have audited Trinity, it seems likely that the short lifespan of the software caused researchers to overlook the vulnerabilities. The team suggested that early versions of Trinity could be responsible for the attack, although this has not yet confirmed.
Trinity is a wallet available for Mobile, Windows and macOS, so a wide variety of users could be affected, but initial reports have only identified ten victims. The IOTA team already communicated half of the reported victims.
The IOTA does not disclose many details about the incident at the moment. But the evidence is pointing towards recovery seed theft. It is not yet known how the seeds could have been stolen. So far, no mobile users have affected, only one Mac user has affected, and the rest of the victims are Windows Trinity users.
Although very few wallets have compromised, a large amount of money has stolen. The team predicts that $ 300,000 to $ 1.6 million IOTA token has been stolen so far. It is interesting to note that the protocol’s zero-fee approach has an advantage. It is still possible to carry out data transactions during network shutdown, even if transactions with financial value are impossible. Last year, IOTA had been able to recover almost $11 million worth of token stolen from investors’ wallets.
The IOTA foundation continues to investigate the reports and will publish a full summary once the investigation completed. It cannot exclude other causes for the moment.
Think we missed something? Let us know in the comments section below.