IOTA Foundation expects to reactivate network by March 2 following $2M user wallet attack

Quick Take

  • The IOTA Foundation will resume its mainnet by March 2, after pausing the network last week in response to a hack
  • The team estimated that around $2 million worth of IOTA tokens were stolen due to the hack
  • The hacker exploited a vulnerability in MoonPay, a fiat on-ramp platform integrated with IOTA’s Trinity wallet software, and then distributed malicious SDK packages to users.

The IOTA Foundation said Thursday that it would reactivate the IOTA network by March 2, following an abrupt shutdown last week in the wake of an attack that resulted in some users of the Trinity wallet software having their funds stolen.

The nonprofit organization said today that it is developing transition tools for users to transfer their funds from their existing accounts to new ones. After the transition is complete, the Foundation will bring the network online. The Foundation paused the network in the wake of the attack, as reported previously by The Block.

Since that time, the Foundation has been working with law enforcement agencies – including the German Center for Cybercrime and the U.S. Federal Bureau of Investigation – to identify the cause, according to IOTA Foundation co-founder Dominik Schiener and the Foundation's website. 

The total loss resulting from the hack is around $2 million, and some of the funds have already been transferred to exchanges, Schiener told The Block.

As such, the Foundation is working on a remediation plan to refund victims of the attack, although specific details won't be available until next week, said Schiener. 

In a post-mortem report, the Foundation said that the hack resulted from a vulnerability via MoonPay, a fiat-to-crypto onramp platform that's integrated with Trinity. Trinity is a wallet solution developed by the Foundation to support the IOTA network's token. 

The hacker was able to take over MoonPay's content distribution network and infiltrate the Trinity Wallet through the integration. They were then able to distribute malicious Software Development Kits (SDKs) to Trinity users and steal funds stored in their wallets. 

"The biggest fault that we have made was to not integrate the NPM package and properly security auditing the integration. Human error and the pressure to release a new version ASAP ultimately led to this mistake," said Schiener, referring to the software package that can accept the SDK as a static file, thus preempting the reception of a malicious SDK. 
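
The control at stake here, shown as an added example that is not code from Trinity, MoonPay or the IOTA Foundation: when an application fetches a third-party SDK at runtime, it can pin the digest of the audited build and refuse anything the CDN serves that does not match. The function names, the SRI-style pin format and the sample SDK bytes are assumptions constructed for illustration.

```javascript
// Added example: gate a runtime-fetched SDK behind a digest pinned at build time.
const crypto = require("crypto");

const SUPPORTED = new Set(["sha256", "sha384", "sha512"]);

// Compute an SRI-style pin ("sha384-<base64>") over the audited SDK bytes.
function computePin(bytes, algo = "sha384") {
  if (!SUPPORTED.has(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${crypto.createHash(algo).update(bytes).digest("base64")}`;
}

// Check fetched bytes against the pin; every doubtful case fails closed.
function verifySdk(bytes, pin) {
  const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(pin || "");
  if (!m) return { ok: false, reason: "malformed or missing pin" };
  const expected = Buffer.from(m[2], "base64");
  const actual = crypto.createHash(m[1]).update(bytes).digest();
  if (expected.length !== actual.length) {
    return { ok: false, reason: "pin length does not match algorithm" };
  }
  if (!crypto.timingSafeEqual(expected, actual)) {
    return { ok: false, reason: "digest mismatch" };
  }
  return { ok: true, reason: "digest matches pin" };
}

// Loader gate: the caller only ever receives code that matched the pin.
function loadSdk(fetchedBytes, pin) {
  const result = verifySdk(fetchedBytes, pin);
  if (!result.ok) throw new Error(`refusing to load SDK: ${result.reason}`);
  return fetchedBytes.toString("utf8");
}

// Constructed sample data: the build that was audited, and a modified copy
// standing in for what a compromised CDN might serve.
const AUDITED_SDK = Buffer.from("export function openWidget() { return 'widget'; }\n");
const SERVED_TAMPERED = Buffer.from("export function openWidget() { return 'widget'; } /* extra code */\n");
const PIN = computePin(AUDITED_SDK); // generated at build time, shipped with the app

console.log(verifySdk(AUDITED_SDK, PIN));
console.log(verifySdk(SERVED_TAMPERED, PIN));
```

Bundling the SDK as a static file, as the quoted NPM package allows, removes the runtime fetch entirely; a pin like this is the fallback when the fetch cannot be avoided.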

Although the team was able to identify 50 victims from the attack, it does not know how many users received malicious SDKs. As such, the Foundation has asked all Trinity wallet users to transfer their tokens to new accounts. 

"One important thing is obviously that this does not affect all IOTA users, but only affects Trinity users of the Trinity desktop wallet. So everybody else is safe and doesn't have to worry about this," Schiener noted. 

The IOTA Foundation’s move to freeze the network after the attack was a controversial one, given that IOTA is designed as a decentralized network. The Foundation was able to turn off the network because it controls the Coordinator node, which, under normal circumstances, ensures the finality and validity of individual transactions that are linked together.

However, the IOTA Foundation believes this mechanism is essential to the network’s development during its early stages. 

"I know that is controversial in a space where decentralization is all that matters until something like DAO happened and you could roll back the blockchain anyway… this [pausing the network] was an extraordinary measure in response to an extraordinary event and it's important to get across, at least from our perspective, that no one at the IOTA Foundation or the IOTA project is happy that we had to take such extreme measures," IOTA Foundation co-chair David Sønstebø told The Block. 

"But we are happy that we were able to," he added. "And that we're taking the safe route."
