IOTA Trinity Wallet Vulnerability Reported, $1.6 Million Stolen

IOTA Threatens Researchers and Denies Critical Flaw - but Fixes it Anyway

The IOTA team has halted the coordinator and are currently investigating reports of a possible vulnerability in its Trinity wallet. The team has recommended that nobody open Trinity until further notice while they investigate the incident. Trinity wallet App, may have been compromised
IOTA, a blockchain project aimed at solving integration with the Internet of Things (IOT), has been either attacked or a vulnerability has been exploited in the Trinity wallet app. The foundation has recommended that users do not open Trinity, until they have found the cause of the exploit. About $1.6 Million USD worth of #iota have been stolen from ~10 high-value accounts. Bug is likely in the (official) desktop wallet. Network completely stopped for nearly 24 hours now.#IOTAstrong just keeps on giving. pic.twitter.com/CMwyRRtYy0
— 00xou (@00xou) February 13, 2020 Trinity is a wallet that’s available for Mobile, Windows, and MacOS, so a wide variety of users could potentially be affected, however early reports have only tallied 10 victims. Half of the reported victims are in  communication with the IOTA team.
The details regarding the incident are thin at the moment, but we do know that evidence is pointing towards recovery seed theft. It is unknown at present how the seeds could have been stolen. So far, no mobile users have been affected, only one Mac user has been affected and the rest of the victims were Windows Trinity users.
The IOTA foundation is still investigating the reports, and will be releasing a full summary once they conclude the investigation. They cannot rule out other causes at this time. If you have been affected, the team urges you to reach out via their Discord #help channel. They also have an official page with updates of the current investigation, here.
IOTA has had security issues in the past
IOTA’s wallets have had security vulnerabilities in the past. Early implementations of IOTA’s wallet were reported to be unstable, and caused tokens to be lost or sent to incorrect addresses. Many early users had complaints, and the team responded by making a series of improvements to the wallet.
In another incident with a major security vulnerability, IOTA employed a self-rolled hash function which was criticized by a team of MIT researchers. The IOTA team denied the vulnerabilities found by the MIT team, and a flaming war ensued on social media.
IOTA corrected the cryptographic vulnerability shortly after, but it was commented on by independent cryptographic researchers. IOTA insisted MIT misrepresented the risks, as well as their findings.
In another incident with a malicious actor, a British hacker stole over $11 million in IOTA tokens and was apprehended by law enforcement. The IOTA foundation was able to recover almost all of the stolen funds, but still suffered a reputational hit on security vulnerabilities.
What do you make of the latest IOTA theft? Add your thoughts below! Images via Shutterstock, Twitter @00xou