IOTA Updates Trinity Desktop Wallet to Partly Address Recent Hack

Published at: Feb. 17, 2020

Following an apparent hack of IOTA (MIOTA) official wallet on Feb. 12, the IOTA Foundation has released a safe desktop version of the Trinity wallet.

According to a Feb. 17 update post, IOTA should update their Trinity apps to securely check their balances and transactions via Trinity 1.4.1, a new version that is designed to remove the recently detected vulnerability from the wallets.

IOTA’s network coordinator is still paused for an upcoming token migration

Released on Feb. 16, the new version of the wallet doesn’t apparently represent the full solution of the recent breach because the IOTA’s dedicated network Coordinator, is still on hold. According to an update posted on Feb. 16, the Coordinator remains down as the foundation is finalizing their “remediation” plan, making users unable to send value transactions.

According to the latest update, the IOTA Foundation will restart the Coordinator only after users migrate their tokens to safe seeds. The foundation noted that IOTA will release the seed migration tool in “upcoming days,” noting that the action will be another important measure to protect user funds. They wrote:

“By migrating your tokens to new, safe seeds prior to the re-start of the coordinator, you will render the attacker incapable of making unauthorized transfers of your tokens if s/he has not already done so.”

Hack started in late January

In the latest post, IOTA also noted that IOTA’s security team has managed to discover that the hack started on or around Jan. 25, 2020, allegedly targeting only Trinity users on desktop. However, the firm is still recommending that both desktop and mobile users should migrate their tokens to a new seed as soon as the migration tool is released.

The losses in the hack remain undetermined

According to information on the thread, the IOTA Foundation has not yet calculated the sum of the losses caused by the hack. As the firm is still finalizing its remediation plan, it appears to remain unclear how much funds have been lost due to the attack. In a Feb. 14 update, IOTA explicitly noted that some funds have been stolen:

“The stolen funds have been purposely and repeatedly merged and split to obfuscate the investigation [...] Our current assumption is that the perpetrator targeted high value accounts first, before moving on to smaller accounts and then being interrupted early by the halt of the coordinator.”

Additionally, some online users also expressed confidence that the lost funds will be reimbursed. According to some reports, the Trinity desktop wallet may have lost between $300,000 and $1.6 million.

Cointelegraph has asked the IOTA Foundation to provide their evaluations on the amount of lost funds in the hack but did not receive an immediate response. This story will be updated should they respond.

While the IOTA Foundation emphasized that the recent exploit only relates to the Trinity Wallet, and the IOTA core protocol wasn’t breached, some users suggested that the security breach could be attributed to the IOTA Foundation. The Trinity Wallet was officially released by the IOTA Foundation in July 2019, touted as a major improvement to ease-of-use and security for users conducting transactions in IOTA.

The IOTA Foundation, a firm maintaining MIOTA, the 22th biggest crypto asset by market capitalization, has already been known for facing network issues. In late 2019, IOTA users were unable to confirm transactions for 24 hours due to a mainnet incident. Despite the hack news, MIOTA is up nearly 7% over the past 24 hours as of press time, according to Coin360.

Tags
Related Posts
IOTA Urges Trinity Wallet Users to Use Seed Migration Tool
Responsible for one of the top performing cryptocurrencies, IOTA is continuing to release new information in response to a Feb.12 hack on its official wallet. According to a Feb. 19 status update, the IOTA Foundation strongly recommends users of the Trinity Wallet to immediately change their passwords and use the seed migration tool to protect their assets. Trinity users who opened or updated their wallets between December 17th, 2019 and February 18th, 2020 may be vulnerable. Trinity users - If you opened #Trinity between Dec 17th 2019 - Feb 18th 01.30 CET 2020, you will need to use the seed …
Technology / Feb. 21, 2020
Iota Network Relaunched Following Trinity Wallet Theft
After almost a month following a massive hack, the Iota Foundation has brought their network back online. The Iota network was relaunched on Tuesday following the Feb. 12 attack on the platform’s Trinity Wallet software. Although the network was shut down that same day to prevent further security breaches, 8.55 million MIOTA — approximately $2 million — was stolen from 50 users of the digital asset wallet. In a March 10 blog post, the IOTA Foundation announced the Coordinator — the centralized node curating all transactions — was back online following a seed migration period. The desktop version of Trinity …
Technology / March 11, 2020
Beware of Fake Ransomware Decryption Tools
As free ransomware decryptor tools begin to enter the market, a wave of fake software that claims to decrypt ransomware-affected files has begun to proliferate. According to a report released by Bleeping Computer on June 5, the creators behind Zorab ransomware released a fake STOP Djvu decryptor. Instead of recovering a victim’s data however, this software appears to encrypt their files further with a second ransomware. When the victim opens one of these tools, the software extracts an executable file called crab.exe. This is the Zorab ransomware itself. Once executed, the tool will encrypt all files present with a .ZRB …
Technology / June 7, 2020
IOTA Foundation Launches Trinity, a New Software Wallet for IOTA tokens
The IOTA Foundation has launched the Trinity wallet, as the organization announced in a press release on July 2. The announcement advertises the Trinity wallet as an improve to both ease-of-use and security for users conducting transactions in IOTA, with the purported goal of appealing to both new and advanced users. Reportedly, the wallet’s beta version has seen 160,000 downloads and transactions worth over $1.8 billion of IOTA. Cybersecurity firms SixGen andAccessec audited the application in advance of release. As a software wallet, Trinity is designed for compatibility with Ledger’s hardware wallets, as Ledger has worked alongside the IOTA Foundation …
Altcoin / July 2, 2019
‘Blockchain Bandit’ Has Stolen 45,000 ETH by Guessing Weak Private Keys, Report Claims
A “blockchain bandit” has managed to amass almost 45,000 ether (ETH) by successfully guessing weak private keys, according to a report released by Independent Security Evaluators on April 23. Adrian Bednarek, a senior security analyst, said he discovered the sophisticated hacker by accident. While guessing a private key is meant to be a statistical improbability, he managed to uncover 732 private keys through his research — giving him the ability to complete transactions as if he was the account holder. The report notes that rather than using a brute force search for random private keys, it used a combination of …
Blockchain / April 23, 2019