- Within the crypto community there is a lot of discussion about how the remediation plan for the restart of the IOTA Tangle could look like. It seems clear that there will be a democratic decision about the rollback.
- With version 1.4.0 for the Trinity wallet, a new version for Android and iOS has recently been released, which users should install as soon as possible.
After the IOTA Foundation has recently published a remediation plan regarding the Trinity wallet, the plan for the reopening of the IOTA Tangle is still pending. As reported by CNF, all users of the Trinity wallet are currently encouraged to download the new version of the IOTA Trinity wallet and migrate their tokens to a secure seed, with the migration tool to be released in the coming days.
However, even before the migration tool is released, there are discussions about how to reverse the hack of the Trinity wallet. Within the crypto community, there are some voices claiming that the IOTA Foundation can undo transactions at will, which would be a significant violation of the distributed ledger’s decentralized nature. However, as previous announcements by the IOTA Foundation suggest, this is not the case.
IOTA Community will decide democratically
Although it should be explicitly pointed out that there is no official statement from the IOTA Foundation as yet on what the migration process will look like in detail, a statement on Reddit and Twitter is making waves, attracting a lot of attention at the moment. Via Reddit the user u/Aftert1me describes that the tool gives IOTA owners the possibility to switch to a new seed or to continue using the current seed.
There will be a migration phase for this. If two people try to migrate the same seed during this phase, a KYC process will be triggered. So if the hacker tries to claim the IOTA with the stolen seeds, whereas the actual owner also claims his IOTA, both have to go through a KYC process.
The verification will be done by a third party company. Once the migration phase ends and the true owners have recovered their IOTA by producing a new seed, the IOTA Foundation will take further steps to resume operation of the Tangle. For this purpose u/Aftert1me states:
Then, when real owners are verified and the right migrations are let through, the IF will most likely construct a valid subtanle tangle that will be re-attached as soon as they turn on the Coordinator. Before turning on the Coordinator, the snapshot will be given for the verification to the community. If you don’t agree, you can freely deny it.
If the process were to proceed this way, the node operators would have to download the snapshot manually in the next step. Similar to a decision in the Bitcoin network, more than 50 percent of the nodes must agree and accept the snapshot as the new valid consensus. The IOTA Foundation described the process similarly in its last status update when it wrote:
Assuming the snapshot is successfully validated by the IOTA community (node operators), we will implement a KYC procedure involving a third party that will enable all users who had their tokens stolen to reclaim them. The same procedure will also be required for certain cases in which the migration tool is used fraudulently or incorrectly.
Ultimately, the situation is similar to Ethereum during the DAO hack. Those nodes that vote against the rollback will not have to download the new snapshot, thus creating a democratic decision.
New Trinity wallet version for Android and iOS
In the last status update, the IOTA Foundation also stated that all users, whether desktop or mobile, who have opened any version of Trinity (desktop or mobile) since 17 December 2019 should download the latest version of the Trinity wallet. Last night (00:35 UTC) the mobile versions were updated as well:
Trinity Mobile 1.4.0 has been released on Android and iOS. Download it from Play Store and App Store respectively.
This version includes a critical security fix.
Update: Remove exchange support (#2565)
Fix: Allow wallet entry when nodes are not in sync (#2563)
Fix: Fix letter duplication on Android (#2573)
A glance at the App Store reveals that the removal of the exchange support refers to MoonPay. The MoonPay integration was only added last December. So far, however, it can only be speculated whether MoonPay was one or the cause of the Trinity hack.