Troubled crypto project IOTA is to reboot its network, some 20 days after it was taken offline following a major hacking incident.
The project lost $400 million of its value following the closure. Re-enabling the network is intended to bring the project back online, in what is being billed as a make-or-break move for the IOTA Foundation.
Cara Harbor, director of communications for the IOTA Foundation, played down the severity of the attack and highlighted the foundation's response in overcoming the hack: “The vulnerability at hand was only within the Trinity Desktop wallet and was indeed caused by the Moonpay integration. There is no vulnerability in IOTA itself or the protocol. While it is an unfortunate event, the actions of the Iota Foundation show that we are serious about the project and its users.”
“We take this attack incident very seriously and have not minimized the effect it has had on our community in any way. The actions and transparency that were taken by the Iota Foundation are a testament to that,” Harbor said.
Casper Niebe, a developer at Obyte, described the likely process of the hack, suggesting that the transaction data showed the hack was unlikely to have involved automated transfers. Niebe told another outlet the hacker was able to inject their own malicious code into the MoonPay plugin on IOTA, allowing them to harvest seed keywords to gain access to IOTA wallets:
“A major indication of the stolen funds having been manually moved is the amount of 28 GigaIOTA being left in each wallet it passed through. Two of the transactions in the ‘chain’ of transactions that spread the stolen funds in several wallets stand out. One is of 2.8 GigaIOTA, which indicates that the amount was entered with a missing ‘0’ digit. Another transaction was of only 2 GigaIOTA, indicating they missed the ‘8’ digit when entering the amount. Those mistakes would not have occurred if transfers were done using a script.”
Harbor said the IOTA team's response shows how seriously it is taking the attack.
“People less familiar with Iota have misinterpreted the fact that Iota currently has the coordinator, as an indication that the network is not decentralized. Currently, the Iota network is decentralized with several hundred nodes issuing and validating transactions. The confirmation process relies on milestones that are issued by the coordinator and validated by the entire network; in other words, the transactions’ finality, indeed, depends on this centralized component. However, all nodes verify all transactions and would not accept any ‘wrongdoing’ (like approving invalid transactions, double spends, etc.) from the coordinator.”