IOTA is a revolutionary new technology that aims to be the backbone of the internet-of-things.
The blockless distributed ledger makes it possible to transfer value without any fees - for the first time ever.
IOTA has been around since 2015, and the promising technology has many supporters and investors.
Today, some breaking news emerged:
Countless IOTA holders who used an Online Seed Generator had their funds stolen!
Users suddenly had outgoing transactions in their wallets, not confirmed by them.
It seems they used a malicious online seed generator, whose owners then decided to rob all of their victims' funds.
These seeds were set up without any password protection, so it was an easy game for the hackers.
What is better to use than the online Seed Generator?
There are several ways to safely generate a seed.
You can use an IPFS seed generator, KeePass or command line.
Detailed instructions can be found here.
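An added example of the command-line route (not taken from the original post or from the IOTA project): it draws a seed from the local kernel random source and checks its shape before printing. It assumes an IOTA seed is 81 characters from A-Z and 9, which the post does not state; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: offline seed generation from the kernel CSPRNG.
# Assumption (not stated in the post): a seed is 81 characters from A-Z and 9.
SEED_LEN=81

# Keep only bytes that are A-Z or 9 and stop after SEED_LEN of them.
# Discarding other bytes (instead of reducing them modulo 27) keeps every
# character equally likely. LC_ALL=C makes tr treat input as raw bytes.
generate_seed() {
    LC_ALL=C tr -dc 'A-Z9' < /dev/urandom | head -c "$SEED_LEN"
}

# Return 0 only for exactly SEED_LEN characters, all of them A-Z or 9.
# The alphabet is spelled out so locale-dependent ranges cannot let
# lowercase letters through.
is_valid_seed() {
    [ "${#1}" -eq "$SEED_LEN" ] || return 1
    case $1 in
        *[!ABCDEFGHIJKLMNOPQRSTUVWXYZ9]*) return 1 ;;
    esac
    return 0
}

# Print a seed only when called with "generate", so the file can be sourced.
# Nothing is written to disk and the seed never appears as a command argument.
if [ "${1:-}" = "generate" ]; then
    seed=$(generate_seed)
    if ! is_valid_seed "$seed"; then
        echo "generated seed failed validation, do not use it" >&2
        exit 1
    fi
    printf '%s\n' "$seed"
fi
```

Run it on a machine you trust, ideally with networking disabled, and store the result in a password manager such as KeePass rather than in a plain text file.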
So what to do if you were affected by the attack?
First, users have to visit their wallets and check whether the unauthorized transaction is still "pending" or not.
- If the stolen transaction is still pending (it'll say "Pending" underneath the transaction in your wallet history), URGENTLY send your entire balance to an address in a different seed. You might need to use the CLI wallet in order to make this new transaction so that you can bypass the double spending prevention mechanism that's built into the GUI wallet. You need to get your new transaction confirmed before the stolen transaction is confirmed.
CLI Wallet -
https://github.com/MichaelSchwab/iota-commandline-wallet
https://github.com/TimSamshuijzen/iotaproxy
CLI Wallet Instructions:
-- or -- https://forum.helloiota.com/post/8584
For those who need urgent real-time assistance, join the IOTA Discord channel and ask for help immediately:
https://discord.gg/fNGZXvh
If the transaction is already "confirmed", unfortunately this means that your IOTA have already been sent to the malicious account.
- If the stolen transaction is confirmed (it'll say "Confirmed" underneath the transaction in your wallet history), unfortunately that IOTA is now gone forever. This is a terrible situation, but hopefully we can use this experience to inculcate safe seed generation practices. Please see the "Legal Action" addendum below for details on legal recourse.
The golden rule is to change 10 characters from whatever string of characters the seed generator gives you. Preferably, avoid online seed generators altogether. Here are the currently recognized best practices of seed generation by the IOTA community:
https://helloiota.com/generate-seed.html
Since this is such an important topic to millions of IOTA users around the world, I decided to write this quick post about it, to get the information out there.
Please let every IOTA holder know of this issue!
Some might still be able to send their funds to a safer wallet!
© Sirwinchester
Thanks for the update, nice and informative stuff. It's really useful for Steemians @sirwinchester
I like it and hope to invest for best.
All the best and keep it sharing
Thank you, glad you enjoyed the post!
This freaked me out haha. All is well though
Thanks for the update @sirwinchester. We need to start tracking these hackers down and exposing them. Seems like all that happens is the program's security gets boosted. We need some "Good Guy Hackers" to track these pieces of scum down and expose them. The only way to stop a hacker with bad intentions is a hacker with good intentions.
https://steemit.com/crypto/@keepinitreal/what-crypto-are-you-holding-non-promotion-poll
Good boy
What is your upvote worth?
I would like to write an article about the most valuable Steemians!
Thanks for the information. I'm a new Steemian, please support me
Thanks for this information, I hope no one will be hacked, but please read the rules of our group: Steemit for resteem
Oh ..just resteemed this post ..please do upvote me 😀
Hi @sirwinchester !
I'll be in Hamburg next week - will you be around?
I would love to see you again and dance a little!
xx
@elenahornfilm
Hi Elena!
I'm in Switzerland next week, and then a little later back in Hamburg.
I think this was a matter of time. Maybe there are safe online seed generators, but the best way is to generate it offline.
In my opinion the IOTA team should add a second factor (password) for their wallet, so even if the seed is public, the withdrawal of funds is very difficult (of course the chosen password has to be strong).
I read that IOTA was quantum proof and thus much safer. Did not know about this seed thing. I don't own any IOTA. But if the 3rd generation Cryptos are so easily hacked, where are we up to.
Thank you so much.
Thanks for the update. What effect do you see this having on IOTA's potential? Or do you think it will be by-the-by in terms of progress. I would hate to see people move from IOTA due to this.
IMPORTANT POST
posting is very useful. please upvote me
good post friends, I like posting friends.
great update
This is one of the reasons I get scared of Cryptos. I wish I could thank you more for this piece of advice. Thanks to @slowwalker for rewarding this!
Thanks for this information, it helps me understand well. More posts to come with this kind of news
Crypto security is a very fundamental issue to which every wallet provider must accord top priority. It is better for a wallet provider not to run the service than to run a wallet which can be compromised.
Great information for IOTA holders. I also made a special post about IOTA yesterday where I illustrated the IOTA Superhero. It's always a sad story when coins get hacked and I hope your tips will help some people.
Btw you can watch my Iota post here ;)
https://steemit.com/art/@bronkong/iota-ai-my-illustration-process-informations-about-iota
Thank you
Your post is very interesting. I like your article. really impressive.
Thanks for sharing!
It will be no big issue for IOTA long-term. But I really feel sorry for all affected IOTA holders. Great that you informed us about this hack, maybe some read it for first time.
I am afraid every new system has a gap somewhere and greedy people find a way to hack it. It is, unfortunately, a never-ending story.