IOTA - Thousands of Wallets Compromised and Funds Stolen

in #iota, 7 years ago

If you bought IOTA, check your wallet. Chances are high that it is empty now.

Don't believe me? Open it and find out yourself that all your funds have been stolen.

How so? People were told to use online seed generators. Yes, a seed, online. Not from the wallet itself, no password, no protection at all. And one clever chap collected all the generated seeds and just cashed in.

What can you do? If it is still "Pending" then check out this posting from the official IOTA forum. If it says confirmed as it does for me, funds are gone.

https://forum.helloiota.com/9100/To-everyone-posting-with-stolen-balances

IOTA tries to blame people now for using the online seed generators. I think the party to blame is IOTA itself, for not putting a seed generator in their light wallet, and for not password protecting it.

This actually calls for class action as thousands of accounts were compromised!


Please have a look at this and share your information. I doubt much can be done to recover, but at least the thief could be knocked down.

https://forum.helloiota.com/9284/Call-to-action-lets-catch-the-thief

Please also follow the discussion here, it's developing.

https://bitcointalk.org/index.php?topic=2791245.0

It is a major design flaw in IOTA's client as there are absolutely no measures for authorization. It is not the fault of the user, it is a disastrous design. There are 3 A's in information security:

Authentication (that's the seed)
Accounting (that's your balance and history)
Authorization => they did not implement this at all. It should at least be password protected at bare minimum.

They do nothing about it, that guy Ralf blames users for using the seed generators they promoted on their official forums. Shame on you.
The theft is still going on.

If your funds are not stolen yet, use a local key generator like KeePass and transfer the IOTAs to a new wallet.

Or in Linux
cat /dev/urandom |tr -dc A-Z9|head -c${1:-81}

Thanks for sharing the command.

Is 'urandom' secure enough for a seed?

People are suggesting to use dice now :). Well, it is certainly secure enough for most cases, I doubt there is any more functionality behind the online seed generators, but if you run it at home it will at least not be monitored.
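
An added example, not part of the original thread or of any IOTA software: the same local generation as the `tr`/`head` one-liner above, written out in Python so the rejection-sampling step and the resulting entropy are visible. The function names are hypothetical; the 81-character length and the A-Z plus 9 alphabet are taken from that command.

```python
import math
import os

# Alphabet and length taken from the one-liner in the thread:
#   tr -dc A-Z9  -> 27 symbols, head -c 81 -> 81 characters
SEED_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ9"
SEED_LENGTH = 81

# Largest multiple of 27 that fits in a byte (243). Bytes at or above this
# value are discarded so that `byte % 27` is uniform (no modulo bias).
_ACCEPT_BELOW = 256 - (256 % len(SEED_ALPHABET))


def generate_seed(rand=os.urandom):
    """Build a seed locally from the OS CSPRNG (same source as /dev/urandom).

    `rand` is a hypothetical injection point used only for testing; it must
    behave like os.urandom(n) and return n bytes.
    """
    chars = []
    while len(chars) < SEED_LENGTH:
        for byte in rand(SEED_LENGTH):
            if byte >= _ACCEPT_BELOW:
                continue  # rejected: would make some symbols more likely
            chars.append(SEED_ALPHABET[byte % len(SEED_ALPHABET)])
            if len(chars) == SEED_LENGTH:
                break
    return "".join(chars)


def is_valid_seed(seed):
    """True only for exactly 81 characters drawn from A-Z and 9."""
    return len(seed) == SEED_LENGTH and all(c in SEED_ALPHABET for c in seed)


def seed_entropy_bits():
    """Entropy of a uniformly random seed: 81 * log2(27) bits."""
    return SEED_LENGTH * math.log2(len(SEED_ALPHABET))


if __name__ == "__main__":
    seed = generate_seed()
    # Do not print or paste a seed you intend to use; report properties only.
    print("valid:", is_valid_seed(seed))
    print("entropy bits: %.1f" % seed_entropy_bits())
```

The randomness source is the same in a browser-hosted generator and in this script; the difference is that a locally generated seed never passes through a third party's page or server.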

From https://forum.helloiota.com/9284/Call-to-action-lets-catch-the-thief?PageIndex=16

"I'll talked to the cybercrime department of the public prosecution in Hessen, Germany. They will start investigations as soon as I write them a mail with all required information. It seems like they take this theft very serious and that they will try to trace the scammers. I'll give them the link to this chat. If there are any additional information missing, please send me a message. I'll send my mail in 10 minutes! There are cybercrime department in almost each federal state in Germany. If you are German, please contact them, e.g. if you live in Nordrhein-Westfalen. I can't do that in other states, since they are not responsible for me."

Please support!

For all that got funds stolen, please use the following to report the details:

https://iotawalletloss.claims/

Reference: https://forum.helloiota.com/9284/Call-to-action-lets-catch-the-thief

The problem is not with IOTA's Tangle technology but with the people who used online seed generators. Now, if you deliberately use an online seed generator without checking whois information, without confirming it is a legitimate site, then there is no one to blame except yourself. This is what I think and if you have any strong point then I would be happy to be enlightened.