- The IOTA Foundation has asked users to update the Trinity wallet to version 1.4.3 to close the existing security hole.
- Furthermore, IOTA users should use the Seed Tool to secure their MIOTA.
The IOTA Foundation has identified the security flaw in the Trinity wallet hack. The MoonPay integration allowed a hacker to gain access to some Trinity Wallets. MoonPay was integrated into the wallet on 19 December last year and gave investors the opportunity to invest in IOTA easily and quickly.
Trinity wallet is secure, MoonPay is the vulnerability
According to IOTA, the Trinity wallet’s proprietary code is considered secure. The day before yesterday IOTA released an updated version of the mobile wallet for both iOS and Android without MoonPay. A few hours ago IOTA also released a new desktop version 1.4.3 of the Trinity wallet for Mac, Linux, Windows 10 and Windows 7. The latest version can be downloaded here.
IOTA Foundation Lead Developer Charlie Varley said on Discord that this will be the last update for Windows 7 users, so they are encouraged to upgrade to Windows 10. An update is mandatory to close the security flaw:
This was necessary because the security vulnerability was introduced into the Trinity wallet via the MoonPay integration. We are working on an incident report in which we will publicly disclose the details of the vulnerability, how it was introduced, how it was exploited, and the steps we are taking to improve our security practices as a whole.
In addition, MoonPay has officially announced that the credit card information entered has been encrypted according to industry standards and therefore it is unlikely that this data could be stolen. However, if unusual account activity is observed, the police should be contacted in any case. This step will also help local and international law enforcement agencies to investigate the case more thoroughly.
Users are also encouraged to use the Seed Tool to migrate their MIOTA to a secure seed. Further details on how this works will be published in due course.
Trinity users – If you opened #Trinity between Dec 17th 2019 – Feb 18th 01.30 CET 2020, you will need to use the seed migration tool to protect your tokens. Further details about the tool and migration period soon. All updates at https://t.co/3blzUVGJTE or https://t.co/vbg93hQBiG
— IOTA (@iotatoken) February 20, 2020
There will be a migration phase for this changeover before the coordinator is started again and the IOTA Tangle starts normal operation. If two people try to migrate the same seed during the migration phase, a KYC process will be initiated. If the hacker now tries to migrate the stolen MIOTA to a new seed, a third party company will check if this person is the real owner of the MIOTA.
Even though there is no official statement from the IOTA Foundation, there will be a snapshot that shows the state of the Tangle at the current time. In the next step, the node operators have to download the snapshot manually. Similar to a decision in the Bitcoin network, more than 50 percent of the nodes must agree and accept the snapshot as the new valid consensus. The IOTA Foundation described the process similarly in its last status update:
Assuming the snapshot is successfully validated by the IOTA community (node operators), we will implement a KYC procedure involving a third party that will enable all users who had their tokens stolen to reclaim them. The same procedure will also be required for certain cases in which the migration tool is used fraudulently or incorrectly.
The situation is comparable to Ethereum’s situation when the DAO hack took place. Those nodes that are in favor of the rollback will download the new snapshot, thus creating a democratic decision.
IOTA price moves sideways
IOTA is following the current market trend and has recorded a 1.75% increase in the last 24 hours to a price of USD 0.2685. With a market capitalization of USD 747 million, IOTA continues to rank 24th among the largest cryptocurrencies by market capitalization.