Since last Wednesday, it is not possible to transact with the iota cryptocurrency. Hackers gained access to accounts through a vulnerability in the Trinity wallet software and thus could take over iota. That leak has been closed, but the network is still down.
Ten accounts that own a large amount of the iota cryptocurrency were hacked last week. After this was discovered, the Iota Foundation evicted the Coordinator. That is a node in the iota network that confirms every transaction. By turning off the important part, the Iota Foundation prevented further theft, but that also puts all other iota transactions at a standstill.
The Iota Foundation describes the events on the network status page. On Wednesday, February 12, the organization received several reports of cryptocurrency theft. The organization sent out warnings and 25 minutes later shut down the Coordinator, then trying to figure out how the hackers got in.
Investigations over the next few days revealed that the accounts where iota was stolen were all using Trinity, a wallet application developed by the Iota Foundation. The desktop version turned out to have a vulnerability. Hackers have carried out targeted attacks on a dozen accounts and reportedly looted around 1.5 million euros worth of iota, reports ZDnet.
The leak is said to be in a ‘third party’ integration of Trinity. The vulnerability would not be present with the mobile version of the app. Hardware wallets are also not affected. Technical details about the vulnerability have not yet been released by the Iota Foundation. The organization does say that the security of the iota protocol is not at stake.
After discovering the vulnerability, the organization started work on a solution. On Monday, the foundation released a new version of Trinity that fixes the vulnerability. Iota users can’t transact yet; the Coordinator remains offline while the organization completes the investigation. The foundation says it will soon come up with an update in which it provides more clarity about the plans to prevent such a hack in the future.
The iota cryptocurrency has been around since 2015 and uses a digital ledger, or ledger, called Tangle. This is a so-called directed acyclic graph, which is an alternative to the blockchain. There are no transaction fees as the condition is that a transaction validates two previous transactions.