Iota Prepares to Relaunch Network in One Week

Published at: March 2, 2020

Iota (MIOTA) began its seed migration period on Feb. 29, with plans to reopen the network around March 10. Though some have criticized the decision to close the Coordinator, it may have saved many users’ funds from being stolen.

Potential Moonpay compromise

The Iota network was shut off on Feb. 12, shortly after the team received multiple reports of drained user wallets. The shutdown was possible thanks to the presence of the Coordinator, a centralized transaction verifier that is required to operate the network.

Shutting down the Coordinator stopped the attacker from draining any more user wallets, giving the team time to investigate. The issue was not easy to solve, however, as they soon realized that many users had their private seeds compromised by the attacker.

The Iota Foundation (IF) identified a third-party integration with Moonpay, a fiat-crypto gateway service, as the likely culprit.

The wallet loaded the Moonpay code through a common but potentially insecure Content Delivery Network (CDN) call. It was accessed through a simple HTTPS request, similar to loading a browser page. Analysis of Moonpay’s Domain Name System (DNS) provider, CloudFlare, revealed that the attacker had manually changed the IP behind the CDN address.

This was allegedly done through a CloudFlare API key that granted the necessary authorization. It is not clear how the attacker may have obtained it, though it seems very likely that it required some kind of close contact with the Moonpay team, possibly a physical compromise. The ability to independently steal CloudFlare keys would be a very serious vulnerability of its own.

The changed DNS allowed the hacker to serve his own malicious code to each user’s wallet. The injected software then recorded both the password and seed of the wallet and sent them to the attacker.
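
The weakness described above is that the wallet ran whatever the CDN address returned. As an added example (not code from the Iota wallet or Moonpay), the Node.js code below pins the digest of a reviewed third-party script in the style of Subresource Integrity and refuses any body that does not match; the script bodies and the names `computeSri`, `parseIntegrity` and `verifyBeforeLoad` are constructed for illustration.

```javascript
const { createHash, timingSafeEqual } = require("crypto");

// Strength order when several digests are listed (strongest wins, as in browser SRI).
const ALGOS = ["sha256", "sha384", "sha512"];

// Build an SRI string such as "sha384-<base64 digest>" for a script body.
function computeSri(body, algo = "sha384") {
  if (!ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${createHash(algo).update(body).digest("base64")}`;
}

// Parse an integrity value; keep only the entries for the strongest algorithm present.
function parseIntegrity(value) {
  const entries = value.trim().split(/\s+/).map((tok) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(tok);
    return m ? { algo: m[1], digest: Buffer.from(m[2], "base64") } : null;
  }).filter(Boolean);
  const strongest = Math.max(-1, ...entries.map((e) => ALGOS.indexOf(e.algo)));
  return entries.filter((e) => ALGOS.indexOf(e.algo) === strongest);
}

// True only if the fetched body matches a pinned digest. This fails closed:
// a missing or malformed pin means the script is not loaded.
function verifyBeforeLoad(body, integrity) {
  const pins = parseIntegrity(integrity);
  if (pins.length === 0) return false;
  return pins.some(({ algo, digest }) => {
    const actual = createHash(algo).update(body).digest();
    return actual.length === digest.length && timingSafeEqual(actual, digest);
  });
}

// Constructed sample data: the script as reviewed at release time, and a
// different body returned after the address behind the CDN name was changed.
const REVIEWED = Buffer.from("window.payWidget = { open() { /* reviewed build */ } };\n");
const TAMPERED = Buffer.from("window.payWidget = { open() { /* reviewed build */ } }; /* extra code */\n");
const PINNED = computeSri(REVIEWED); // shipped inside the wallet release

function demo() {
  return {
    reviewed: verifyBeforeLoad(REVIEWED, PINNED),
    tampered: verifyBeforeLoad(TAMPERED, PINNED),
    unpinned: verifyBeforeLoad(REVIEWED, ""),
  };
}
console.log(demo());
```

In a browser context the same pin is expressed with the `integrity` attribute on the `<script>` tag; bundling the reviewed script inside the application release removes the runtime fetch entirely.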

The attack was first studied on Nov. 27, and was fully exploited starting on Jan. 25. On Feb. 10, Moonpay patched the vulnerability, allegedly without informing the Iota team of what had happened.

During that time frame, the hacker was able to steal at least 8.55 million MIOTA, worth $1.87 million at press time.

Network on vacation

While the network shutdown prevented any more tokens from being stolen, relaunching it as is would allow the hacker to continue undisturbed. For this reason, the Iota team had to develop a seed migration tool that would immediately transfer the tokens away from the affected wallets.

After starting on Feb. 29, the team is giving users seven days to undergo the transfer procedure. The Coordinator will be reenabled between March 7 and March 10 — just shy of one month of network inactivity.

Many commentators criticized Iota for its apparent centralization, claiming the network is “dead.” Few other networks could have been shut down so easily, but some Iota fans argue this was a positive thing, as it prevented a much larger theft.

Dominik Schiener, co-founder of Iota, commented to Cointelegraph:

“While this was a very unfortunate event, it shows that we at the IOTA Foundation are very committed to protecting the funds of the IOTA users and it shows that we have professionally responded to such a major incident. While our trust may be broken for some within the crypto community, our partners still stand behind us and believe in the future of IOTA.”

He then referred to the upcoming Chrysalis upgrade and the launch of an incentivized Coordicide alpha network as the next evolution of Iota. “We feel confident that we will work our way back to where we were and make everyone within the community believe that IOTA is on the right path,” he added.
