IOTA shuts down network temporarily to fight wallet hacker

Popular cryptocurrency IOTA has temporarily shut down its entire network after a hacker stole funds from ten of its highest-value users.

IOTA is a cryptocurrency that uses an alternative to the conventional blockchain technology seen in assets like Bitcoin. Called tangle, it’s a ‘blockless’ network that the development team created with vast connected networks of small-footprint connected machines (the internet of things) in mind. Its advantages include fast verification of transactions and no transaction fees. However, for this network to operate effectively, it needs a system called the Coordinator to protect the network when the transaction volume is low.

On Wednesday 12 February, IOTA published a status update, explaining:

Currently the Coordinator is halted until further notice to investigate reported issues with stolen funds. We ask you to keep the Trinity wallet closed for now until further notice.

In a series of further updates, the team explained that the problem lay in a third-party integration with the desktop version of Trinity, a wallet that the company released in July 2019. The vulnerability apparently allowed an attacker to steal users’ seeds – digital keys that provide access to the wallet’s funds. The IOTA team published an updated version on Sunday to fix the problem.

The attacker had hit ten people that the IOTA team said were high-value clients, and may have intended to work their way down to clients with fewer funds, it said.

Once the IOTA team spotted the fraud, it contacted cryptocurrency exchanges to see if any of them had processed any of the stolen funds. It also notified them of the ‘bundles’ of IOTA cryptocurrency in question so that they could block them if the criminals attempted to sell them. The team had already noticed the stolen funds being split apart and resent to other addresses as the criminals attempted to cover their tracks.

Early on Monday, the IOTA team published a three-step remediation plan to get things back on track. The first step is for users to install the updated version of the Trinity desktop wallet, changing their passwords in the process. Then, users should transfer their tokens to a safe seed using a seed migration tool that it will launch in the coming days. That will prevent attackers from making unauthorised cryptocurrency transfers, it said. It also wants all users to do this, even users of the mobile version of the wallet, just to be safe.

Finally, users will reclaim their stolen tokens. To do this, the IOTA team is taking a global snapshot of the network that users will have to validate. That will enable it to work with an unspecified third party to restore stolen tokens to their rightful owners, it said.

The cryptocurrency has suffered hacks before. In January 2019, British and German police arrested someone suspected of stealing $11.4m in IOTA by creating a fraudulent website that purported to generate digital keys used to secure wallets.

Market capitalisation for IOTA, which is now the 23rd largest cryptocurrency according to CoinMarketCap, plummeted 25% from $975.74m on 12 February to $730.14m in the early hours of Monday 17 February. It rallied slightly early on Monday as news of the remediation plan spread.

