You are viewing a single comment's thread from:

RE: IOTA - Thousands of Wallets Compromised and Funds Stolen

in #iota7 years ago

It is a major design flaw in IOTAs client as there are absolutely no measures for authorization. It is not the fault of the user, it is a disastrous design. There are 3 A's in information security:

Authentication (that's the seed)
Accounting (that's your balance and history)
Authorization => they did not implement this at all. It should at least be password protected at bare minimum.