According to a Feb. 17 update post, IOTA users should update their Trinity apps to Trinity 1.4.1 to securely check their balances and transactions. The new version is designed to remove the recently detected vulnerability from the wallets.
IOTA’s network coordinator is still paused for an upcoming token migration
Released on Feb. 16, the new version of the wallet apparently does not represent a full solution to the recent breach because IOTA’s dedicated network Coordinator is still on hold. According to an update posted on Feb. 16, the Coordinator remains down while the foundation finalizes its “remediation” plan, leaving users unable to send value transactions.
According to the latest update, the IOTA Foundation will restart the Coordinator only after users migrate their tokens to safe seeds. The foundation said that IOTA will release the seed migration tool in “upcoming days,” adding that the action will be another important measure to protect user funds. They wrote:
“By migrating your tokens to new, safe seeds prior to the re-start of the coordinator, you will render the attacker incapable of making unauthorized transfers of your tokens if s/he has not already done so.”
Hack started in late January
In the latest post, IOTA also noted that its security team has discovered that the hack started on or around Jan. 25, 2020, allegedly targeting only Trinity users on desktop. However, the firm still recommends that both desktop and mobile users migrate their tokens to a new seed as soon as the migration tool is released.
The losses in the hack remain undetermined
According to information on the thread, the IOTA Foundation has not yet calculated the sum of the losses caused by the hack. As the firm is still finalizing its remediation plan, it appears to remain unclear how much has been lost due to the attack. In a Feb. 14 update, IOTA explicitly noted that some funds have been stolen:
“The stolen funds have been purposely and repeatedly merged and split to obfuscate the investigation [...] Our current assumption is that the perpetrator targeted high value accounts first, before moving on to smaller accounts and then being interrupted early by the halt of the coordinator.”
Additionally, some online users expressed confidence that the lost funds will be reimbursed. According to some reports, the Trinity desktop wallet may have lost between $300,000 and $1.6 million.
Cointelegraph has asked the IOTA Foundation to provide its evaluation of the amount of funds lost in the hack but did not receive an immediate response. This story will be updated should they respond.
While the IOTA Foundation emphasized that the recent exploit only relates to the Trinity Wallet, and the IOTA core protocol wasn’t breached, some users suggested that the security breach could be attributed to the IOTA Foundation. The Trinity Wallet was officially released by the IOTA Foundation in July 2019, touted as a major improvement to ease-of-use and security for users conducting transactions in IOTA.
The IOTA Foundation, a firm maintaining MIOTA, the 22nd biggest crypto asset by market capitalization, is already known for having faced network issues. In late 2019, IOTA users were unable to confirm transactions for 24 hours due to a mainnet incident. Despite the hack news, MIOTA is up nearly 7% over the past 24 hours as of press time, according to Coin360.