IOTA Urges Trinity Wallet Users to Use Seed Migration Tool

Published at: Feb. 21, 2020

Responsible for one of the top performing cryptocurrencies, IOTA is continuing to release new information in response to a Feb.12 hack on its official wallet. 

According to a Feb. 19 status update, the IOTA Foundation strongly recommends users of the Trinity Wallet to immediately change their passwords and use the seed migration tool to protect their assets. Trinity users who opened or updated their wallets between December 17th, 2019 and February 18th, 2020 may be vulnerable.

Trinity users - If you opened #Trinity between Dec 17th 2019 - Feb 18th 01.30 CET 2020, you will need to use the seed migration tool to protect your tokens. Further details about the tool and migration period soon. All updates at https://t.co/3blzUVGJTE or https://t.co/vbg93hQBiG

— IOTA (@iotatoken) February 20, 2020

Patch to Trinity Wallet removed MoonPay 

IOTA currently runs on their dedicated network Tangle — not blockchain — but Coordinator, a node on the network to help prevent attacks, is on hold following the recent breach. The desktop version of Trinity Wallet was found to be vulnerable after hackers attacked a number of high-value accounts on Feb. 12, gaining access to private wallet keys.

MoonPay, a service that allows users to purchase IOTA directly, was discovered to be the gateway to the breach. The MoonPay feature does not appear in the patched version of Trinity Wallet for desktop users released by the foundation following the attack.

Credit card details “unlikely to have been compromised”

Despite requesting its users to monitor for any suspicious activity and immediately change their passwords, IOTA mentioned it was unlikely for any credit card details to have been affected by the breach:

“...we want to inform users who have input their credit card details into the Trinity Wallet that, to the best of our knowledge, their credit card information is unlikely to have been compromised by this security incident.”

This assurance belies the serious nature of the breach. Hackers may have obtained a number of seeds from IOTA users, and may find others who do not promptly use the migration tool as the foundation suggests.  

Cryptocurrencies like IOTA are still finding their feet when it comes to data breaches and working with existing blockchain technology. The company had to shut down for 24 hours in December 2019 following a mainnet incident.

Tags
Related Posts
IOTA Updates Trinity Desktop Wallet to Partly Address Recent Hack
Following an apparent hack of IOTA (MIOTA) official wallet on Feb. 12, the IOTA Foundation has released a safe desktop version of the Trinity wallet. According to a Feb. 17 update post, IOTA should update their Trinity apps to securely check their balances and transactions via Trinity 1.4.1, a new version that is designed to remove the recently detected vulnerability from the wallets. IOTA’s network coordinator is still paused for an upcoming token migration Released on Feb. 16, the new version of the wallet doesn’t apparently represent the full solution of the recent breach because the IOTA’s dedicated network Coordinator, …
Technology / Feb. 17, 2020
Iota Network Relaunched Following Trinity Wallet Theft
After almost a month following a massive hack, the Iota Foundation has brought their network back online. The Iota network was relaunched on Tuesday following the Feb. 12 attack on the platform’s Trinity Wallet software. Although the network was shut down that same day to prevent further security breaches, 8.55 million MIOTA — approximately $2 million — was stolen from 50 users of the digital asset wallet. In a March 10 blog post, the IOTA Foundation announced the Coordinator — the centralized node curating all transactions — was back online following a seed migration period. The desktop version of Trinity …
Technology / March 11, 2020
Beware of Fake Ransomware Decryption Tools
As free ransomware decryptor tools begin to enter the market, a wave of fake software that claims to decrypt ransomware-affected files has begun to proliferate. According to a report released by Bleeping Computer on June 5, the creators behind Zorab ransomware released a fake STOP Djvu decryptor. Instead of recovering a victim’s data however, this software appears to encrypt their files further with a second ransomware. When the victim opens one of these tools, the software extracts an executable file called crab.exe. This is the Zorab ransomware itself. Once executed, the tool will encrypt all files present with a .ZRB …
Technology / June 7, 2020
IOTA Foundation Launches Trinity, a New Software Wallet for IOTA tokens
The IOTA Foundation has launched the Trinity wallet, as the organization announced in a press release on July 2. The announcement advertises the Trinity wallet as an improve to both ease-of-use and security for users conducting transactions in IOTA, with the purported goal of appealing to both new and advanced users. Reportedly, the wallet’s beta version has seen 160,000 downloads and transactions worth over $1.8 billion of IOTA. Cybersecurity firms SixGen andAccessec audited the application in advance of release. As a software wallet, Trinity is designed for compatibility with Ledger’s hardware wallets, as Ledger has worked alongside the IOTA Foundation …
Altcoin / July 2, 2019
‘Blockchain Bandit’ Has Stolen 45,000 ETH by Guessing Weak Private Keys, Report Claims
A “blockchain bandit” has managed to amass almost 45,000 ether (ETH) by successfully guessing weak private keys, according to a report released by Independent Security Evaluators on April 23. Adrian Bednarek, a senior security analyst, said he discovered the sophisticated hacker by accident. While guessing a private key is meant to be a statistical improbability, he managed to uncover 732 private keys through his research — giving him the ability to complete transactions as if he was the account holder. The report notes that rather than using a brute force search for random private keys, it used a combination of …
Blockchain / April 23, 2019