We Play Coins

IOTA Network back online after massive attack a month ago

IOTA Network back online after massive attack a month ago
By We Play Coins
Added on Mar 11, 2020

IOTA Network back online after a massive attack according to a report by Cointelegraph. The network recently suffered a massive attack causing it to go offline for about a month. The network has been patched and all users are expected to migrate their crypto.

The IOTA Network was relaunched following the attack on Tuesday. It has been launched on the trinity wallet software. Although the company tried to minimise the damage, 8.5 million MIOTA were stolen and $2 million in damages were reported.

From the blog post

On February 12, 2020 the Trinity wallet was attacked via a third-party dependency from Moonpay, which resulted in the theft of around 8.55 Ti in IOTA tokens from a total of 50 user accounts. On the same day, the Coordinator was halted to protect Trinity users’ tokens and prevent further thefts. The IOTA Foundation built a new tool to allow users to protect their tokens by migrating to a new, safe account. The migration period (29th Feb — 7th March) is now over and the Coordinator has been resumed.

We continue to work with the FBI, as well as the UK, German, and Maltese police to identify and track the attacker. With the restart of the Coordinator, we are together actively monitoring for any suspicious activity.

If you used Trinity between 17th Dec 2019–17th Feb 2020 and you have not migrated your seed during the migration period, make sure to create a new seed in Trinity and transfer your funds from your old seed.

The steps taken to protect user tokens

As the event unfolded, the IOTA Foundation decided to halt the Coordinator and thereby, stop value transactions. The Coordinator was put in place as a temporary security mechanism during the network’s maturation phase. By temporarily disabling this component we were able to ensure further tokens were not transferred out of compromised users’ wallets. We then provided users with a new tool to migrate their accounts to safety.

The migration tool allowed users to create a regular IOTA transaction that moved their tokens from their old account to a new, secure one. This was done in such a way that the migration procedure could not be compromised. Critical account information (the seed) never left users’ machines. Users were notified about the migration period on the 20th of February and given a period from the 29th of February to the 7th of March to migrate their tokens.

After the migration period, submissions were processed to ensure there were no conflicts. A conflicting migration would indicate that two individuals had attempted to migrate the same account, and an identity check (KYC) would be required to determine the rightful token claimant. A handful of conflicting submissions were created by users accidentally migrating the same seed twice, many of which reached out to us on Discord for advice on how to proceed. We have opted not to enforce KYC for that very small group and made the decision to accept the latest instance of those conflicting submissions. IOTA Network back online after a month offline patching vulnerabilities.