Iota Founder Confirms He Will Repay Victims of $1.97 Million Hack

Published at: March 7, 2020

On Feb. 12 Iota (MIOTA) suffered an attack targeting its official desktop wallet. The Iota network went offline on the same day, and has remained down since.

On March 6, David Sønstebø, the founder of Iota, revealed that he will personally fully repay all 46 victims of last month’s Iota hack to the tune of 8.52 million MIOTA — worth roughly $1.97 million at the time of writing.

Cointelegraph spoke directly to David, who confirmed that he will reimburse all affected users from his own pocket, and that the Iota Foundation remains on track to relaunch the network on March 10th.

He also shared the lessons he has learned from being hacked, described the Iota team’s previous success catching an Iota thief, and offered advice to aspiring crypto developers.

Cointelegraph: We're seeing posts being passed around which indicate you're considering paying back the people affected by the recent Iota hack out of your own personal funds. Could you confirm that these statements are authentic?

David Sønstebø: The messages on Iota's Discord are indeed authentic.

CT: Can you give a brief overview of the hack and the events leading up to it? e.g. How many Iota were stolen?

DS: The hack itself was on MoonPay's infrastructure, but due to the way it was integrated into the Iota wallet, there was a vulnerability that was exploited by the hacker. The total amount of iotas siphoned out of accounts was 8.52 Ti.

CT: How many Iota users were affected in the hack? Do we know how many individual wallets were stolen from?

DS: 46 individuals were directly affected by the attacker. Due to swift action (including turning off the Coordinator) by the Iota Foundation, we were able to prevent the attacker from stealing from more people. Two of the users had multiple seeds, so around 50 individual wallets.

CT: What led to you deciding to reimburse users from your own personal funds? Were other options considered? How much will this cost you?

DS: It's quite simple: I did not start Iota with the goal of making myself or my co-founders rich. This is why we are the only project to not have a pre-mine or special allocation of tokens of any sort; Iota is truly grassroots. Our goal is to build the world's first truly decentralized, scalable, and fee-less DLT to catalyze a secure autonomous future and permissionless innovation in a plethora of industries. We are closer than ever to achieving precisely the goal we set out to reach several years ago. Thus, I chose to use my personal holdings (which I haven't touched in 2 years) to safeguard the Iota Foundation's runway. This way we can continue delivering on this ambitious goal unperturbed. I want to emphasize that no individual inside the organization is at fault for this, and that I have never been more proud of the team we have built than now. It will cost around ~2 million USD. This is definitely a lot of money, but if my primary motive was money I have had ample opportunity over the last 2 years to maximize my profits. I have not. For me, the chief goal is to build this future, based on our vision. Hopefully, the culprit will be held accountable one day and the funds recovered. The chances are low, but we did it once before.

CT: What would you say are the lessons you have learned from the experience?

DS: It has been a powerful reminder to never compromise on security under any circumstances. This MoonPay vulnerability emerged due to the Iota Foundation attempting to deliver on all fronts, including building one of the best wallets in the space. In retrospect, we should have done a lot more due diligence and had stricter auditing procedures in place, and simply more patience. I can assure you that this oversight won't repeat itself and IF has already set up further engagements with 3rd party auditing firms, as well as hiring more security specialists to [the Iota Foundation].

CT: Do you have any advice for small developers regarding ensuring security?

DS: “Only the paranoid survive” is a good phrase to adhere to when developing software. Beyond that, my advice would also be to never give up; everyone f***s up now and then, it's all about how you respond to the situation and the lessons you carry with you as you continue.

CT: What can we expect from Iota in the coming months?

DS: The Iota project and Iota Foundation are thriving and moving at a faster pace than ever before on all fronts. There are significant updates to the protocol around the corner, known as Chrysalis. We are also partnering up with numerous entities to streamline Iota's path towards mass-adoption. In fact, on the day of this attack, we launched Tangle EE, which was somewhat overshadowed by this unfortunate incident. It is something anyone with an interest in DLT ought to check out.

CT: Is Iota still on track to relaunch the network on the 10th of March?

DS: Yes.
