The attack announcement
On 12 February IOTA announced that they are investigating suspicious activity on Trinty, and advised users not to open or use the Trinity wallet.
On 13 February IOTA has has shut down its network, talking about a coordinated attack, resulting in stolen funds.
The users was advised to not open the Trinity wallet until further notice.
The IOTA Foundation shut down "Coordinator," a node in the IOTA network that puts the final seal of approval on any IOTA currency transactions.
The protocol’s zero-fee approach make possible to make data transactions during the network’s downtime, even though transactions with financial value are impossible.
Attack details
Some details about the attack:
- The attack only affected Trinity wallet
- Around 10 victims was identified with the IOTA Foundation so far: hackers targeted a high-value IOTA accounts and used the Trinity exploit to steal funds
- The team predicts that $300,000 to $1.2 million worth of IOTA has been stolen so far: they are working on the remediation plan to avoid the loss of funds (they announced more details once the plan is fully aligned and approved)
- User funds on exchanges and other wallets (eg. ledger) should not be affected
Current situation
IOTA team are still working with the investigation and remediation plan.
The new Trinity version is currently in progress: IOTA team have identified the vulnerability and it has been removed from the wallet.
This new version will allow users to open the wallet and check their balances and transactions.
More information and updates: https://status.iota.org
