- IOTA urges Trinity users to take advantage of the seed migration tool before March 7th when they are set to restart their coordinator.
- Moonpay vulnerability was identified as the most likely source of the attack.
The IOTA foundation last month began the seed migration in preparation for their network restart. This was after they shut down their Decentralized Blockchain Network after a security breach.
The network was shut down on February 12th after IOTA received claims of several drained user wallets which was enabled by the presence of a centralized Coordinator. The solution of shutting the coordinator down may have prevented further hemorrhaging of funds, however raising more questions over the decentralized state of the Network.
Majority of Trinity Users Affected.
The breach saw hackers get away with 8.55 million MIOTA tokens worth around $1.87 million at the time. The hack was carefully orchestrated on Trinity, the desktop version of IOTA’s Crypto wallet from 19th December 2019 to February 17th 2020.
They have to date found that Moonpay a third party Fiat Onramp was the most likely source of the vulnerability. This was after analysis of the CloudFlare, Moonpay’s DNS they discovered that the hackers had access to the CloudFlare API key which is difficult to feat without physically compromising their premises. The injected software in the wallets sent back both the password and wallet’s seed to the hacker.
Allegedly Moonpay then fixed the issue via patching before the IOTA team got wind of the hack. It’s not clear what will become of the partnership as the Moonpay feature wasn’t included in the patch for the desktop version of Trinity.
How to Migrate
The IOTA Foundation has released guidelines that would enable users to identify if they were at risk of the hack and even a seed migration tool for smooth transition. They strongly urge users who used Trinity from Dec 19th 2019 to Feb 17th 2020 to take advantage of the seven-day period to migrate as they were at risk. After which they would switch the coordinator back on March 7th 2020.
“It is an easy to use piece of software for MacOS, Windows and Linux that automatically migrates IOTA Tokens from potentially compromised seeds onto a new, unaffected seed.”