- The IOTA Foundation has issued an urgent warning on the use of the IOTA Trinity wallet.
- A possible attack by a hacker is currently being investigated. Until the situation is resolved, users are asked to avoid using the IOTA Trinity wallet.
The IOTA Foundation issued a warning a few hours ago and warned about using the IOTA Trinity wallet. As the IOTA Foundation announced via Twitter, a suspicious situation is currently being investigated.
— IOTA (@iotatoken) February 12, 2020
According to founding member David Sønstebø via Discord, all possible resources have been put aside to find the cause of the problem:
We are looking into this with all our resources at the moment. We will naturally update as soon as we have further information.
I can easily empathize with your sentiment, but please understand that in this space that we all inhibit there is a lot of nonsense going on. As you’ve undoubtedly noticed, the entire Foundation and the vast majority of the community takes this very seriously and we are working nonstop to get to the bottom of this.
IOTA owners are advised under no circumstances to open the Trinity wallet and enter their seed there, as Dave De Fijter wrote via Discord:
We are currently looking at a very in depth audit of all Trinity dependancies, external services, and everything involved, this will probably take a while and there’s not a lot I can do at this point.
The Discord Channel of IOTA is currently heavily debating and puzzling over the causes. So far it is known about the attack that the IOTA Foundation is investigating the attack in depth and looking at all possible attack vectors. So far, according to a message via Discord yesterday, only about 8 victims of the attack have been identified. A few of them have completed the KYC process. Dave de Fijter of the IOTA Foundation wrote about this:
I’ve KYC-ed with 3 of them, it’s definitly not the same person and they are from very different regions of the world.
So apparently it can be excluded that it is a single “troll” that IOTA wants to give bad publicity to. Furthermore, it’s remarkable that all victims used the desktop version of the Trinity Wallet. So far only one macOS user is known, the rest were Windows users. It is also suspected that the hacker deliberately carries out the attacks manually and does not use an automated script, which could mean an even greater number of victims.
Several versions of the Trinity Wallet also appear to be affected. In addition to the current version (1.2.2), it is said to have already received a message from v1.2.1. Dave de Fijter wrote about this via Discord:
Well all users used Trinity Desktop, 1.2.1 or 1.2.2, so we are suspecting it’s in there somewhere. Trinity didn’t seem modified on 2 of the victims pc’s. So we are looking further into this
The stolen funds have also been mixed. Those affected can contact Dave De Fijter at the IOTA Foundation directly.