The group leading the development of the IOTA blockchain, the IOTA Foundation, has run into a troubling situation. The non-profit was forced to halt its network this past Wednesday after discovering that the IOTA Trinity wallet had been attacked by hackers, resulting in the theft of tokens it held. The issue is still being unraveled, but there are reports that anywhere from $300,000 to $1.6 million in IOTA tokens may have been lifted from the wallet.
When reports started flowing in on Wednesday that the wallet could have been hacked, the group took action and shut down the Coordinator node to look into the issue further. It is reportedly looking into a security flaw found in an earlier version of the wallet, and explains, "First (but not all) exchanges have responded, reporting that no monitored funds have been transferred or liquidated. Most evidence is pointing towards seed theft, cause still unknown and under investigation. Victims (around 10 that identified with the IOTA Foundation so far) all seem to have recently used Trinity."
As indicated, there have been ten victims identified. Trinity is available for mobile devices, as well as Windows and MacOS, and some reports indicate that the problem may be limited to the desktop application. However, this has not yet been confirmed.
This isn't the first time that IOTA has run into security issues, but the possible theft of as much as $1.6 million could make it one of the most disastrous. In the past, the wallet implementations have been known to be buggy and unstable, and tokens have been lost or sent to the wrong addresses. The development team also previously rolled out a controversial hash function that was met with a lot of criticism, which developers refuted. However, they later changed the code anyway to respond to those complaints.
By far, the most disastrous hit to the alternative blockchain's reputation came when a hacker out of the UK stole $11 million in IOTA tokens. However, his run was short-lived, as law enforcement was able to track him down and arrest him, and IOTA was able to recover the majority of the stolen funds.
After this latest attack, the foundation is already working with law enforcement to determine how much damage was done. The group explains in an announcement, "We've shifted the complete focus of all relevant resources of the IOTA Foundation to this investigation last night and we have been working in teams to investigate [the] impact and cause together with the identified victims." It added, "We have been working on the investigation of attacked seeds and analyzed the attack pattern, using a set of newly developed tools, as well as finishing a complete manual verification (to validate tooling reliability)."