The owners of the wallets IOTA reported thefts token of their wallets. According to preliminary data stolen digital assets worth about $4 million.
The reason was malicious online generators secret phrases for wallets used by the attackers, whose identities are not yet established.
When you create a new wallet IOTA, the user needs to enter a seed-a phrase that consists of 81 characters. On the website HelloIOTA that contains information about a few solutions to this problem. One of them is the use of seed-generator on the basis of the IPFS. Another option is to generate a key using a Mac or Linux terminal. Both these methods are not simple, so do not have the necessary for their application knowledge of the users appeal to more simple solutions – online generator seed phrases.
iotaseed.io, the most popular for this purpose the website not currently working – message appears: «Sorry, we’re closed».
Previously, to create a secret phrase generator asked the user to randomly move the mouse, the «generate random» you need to register a wallet phrase.
The representative of the IOTA Network Evangelist Ralph Rottman (Ralf Rottmann) said: hackers have been known to seed-phrase of the wallets of the victims. Not to allow victims to recover stolen funds, the attackers used a DDoS attack to full network nodes IOTA.
The community delegates a full node is busy formulating various strategies to improve the sustainability and protection of the public nod under similar DDoS attacks.
Users have repeatedly warned that the use of simple generators seed phrases need to change places of these phrases for complications and reduce the risk of hacking. The developers have repeatedly stated that this vulnerability has nothing to do with the technology of the platform and is directly connected with the generators of the secret phrases.
It is known that in December last year, the company received a wave of criticism associated with the denial of information about the partnership IOTA and Microsoft. The leadership was accused of intentional misrepresentation with the purpose of manipulating the market.
This is not the first case of theft by the method of the theft of seed-phrase. Earlier it was reported about a similar case with the purses BlackWallet. Hackers have managed to intercept a DNS record of the domain and steal $400 thousand in tokens network Stellar — Lumen (XLM).