Thursday, Feb. 13. 2020, IOTA announced that they had shut down its network in order to deal with an ongoing attack against its Trinity wallet.
When IOTA first publicized the attack two days ago, it just advised users not to open or use the Trinity wallet. The fact that they are now taking more radical measures suggests that the problem may not be resolved anytime soon.
The blockchain startup revealed on twitter that they were working with law enforcement to investigate a coordinated attack in which an undisclosed amount of funds has been stolen.
According to a recently provided update, it is reported that about half of the victims have already contacted the Foundation. While other scenarios cannot be ruled out, it still seems highly likely that their seed phrases were stolen.
IOTA also promises to release an in-depth report about this case once the investigation is completed. Doing so now would give attackers the upper hand.
The new attack took place one year after Europol arrested a man from Oxford who stole nearly €10 million worth of IOTA tokens from 85 people.
The Irony of Halting a Decentralized Network
This news means that the entire “decentralized network” has been halted, inconveniencing millions of users, as operations are temporarily crippled.
The Foundation halted the network by pausing the Coordinator, which is a protective mechanism to shield the network against attacks.
In the events that malicious hackers launch an attack that results in their marshaling, 34% of the IOTA hash rate transactions in the network would be compromised in the feeless network.
The Coordinator is programmed to act as a node to defend the network and confirm all transactions. Unfortunately, it is run by the Foundation.
A centralized coordinator remains contentious, but there are continuing efforts to remove it via the Coordicide.
Details Of The Trinity Wallet Attack
Though two cybersecurity firms audited trinity, it seems likely that the software’s short lifespan caused researchers to overlook vulnerabilities.
The team blames the early versions of Trinity wallet that they could be the reason for the attack—though this has not yet been confirmed.
Unsurprisingly, IOTA has revealed very few details about the attack in order to prevent other attackers from carrying out the same exploit.
So far, IOTA has only suggested that attackers stole seeds, allowing them to recover wallets that Trinity users have already created.
Though very few Trinity wallets have been compromised, a huge amount of digital IOTA tokens has apparently been stolen.
As far as we know, a decentralized network is not governed by any designated body. That’s why it’s shocking to hear that IOTA operations have been halted after the security breach.
Although it’s all in good faith, this prompt action does not fit into the whole idea of a decentralized network. What does this mean to the crypto community? Can we trust projects that claim are decentralized?