Just a few days ago, about $4 million was stolen from IOTA wallet users. The source of the theft has not yet been traced, and as with anything else in the blockchain, it might be impossible to do so. The hackers were able to get to the wallets by using online seed generators. These websites would offer users a quick fix as a way to get a new seed for the IOTA wallet they use.
How Seed Generation on IOTA Works
When you create a new IOTA wallet, you are required to come up with an 81-character seed rather than having the process being automated. There are numerous workarounds to this issue, of course. You can, for instance, use the IPFS seed generator or create a key with a Linux or Mac terminal. However, all of these solutions are complex and most ordinary users do not understand them.
The major site for seed generation on IOTA wallets took down its website when the story of the hack leaked out. To use the generator, all you had to do was move the mouse around for some randomness. You would then get a seed that fit the requirements of the IOTA wallet. You could also get a version of the seed, which was encoded as a mnemonic phrase.
According to a recent blog post, the attackers deployed a DDoS attack against all popular IOTA fullnodes. This left the victims unable to access their funds and withdraw them. It was quite easy for the attackers to access the funds. For one, they already knew the seeds, which they got from the site generator. You also handed them your keys when you used the site. For now, there is a discussion going on amongst fullnode operators on how to protect the public from future DDoS attacks.
The IOTA community has since come out strongly on the issues of seed generators and the hack. They are encouraging users to change elements of their seeds if they want to prevent against vulnerability. Besides this, they have pointed out that the problem had nothing to do with their technology, rather the issue lay with the online seed generators.
IOTA has experienced a few issues in recent times. One of the issues was when a botched press cycle showed their partnership with Microsoft in a bad light. They also had to patch up some vulnerability back in the fall. Another issue arose in October when the team at IOTA had to take custody of all at-risk funds due to an issue with the use of a snapshot. IOTA just cannot seem to shake off controversy.
What do you think about this latest hack of the IOTA wallets? Will it affect the popularity of IOTA? Leave us your thoughts in the comment section below.