IOTA Foundation, a non-profit entity behind the ongoing development of the leading IOTA distributed network, confirmed on February 13, 2020, that electronic funds belonging to the users of the Trinity wallet software had been stolen.
The Germany-headquartered organization revealed on Wednesday that it had turned off the IOTA network’s Coordinator node that is presently managed by the foundation. When it’s running, the Coordinator node verifies and authenticates transactions broadcasted on the IOTA network.
The IOTA Foundation noted that it had turned off the Coordinator node because it wanted to make sure that “no further theft can occur until we find out the root cause of these thefts. Further investigation taking place from here on.”
According to the Foundation’s most recent status update, there are about 10 victims of the hack and “all seem to have recently used Trinity,” which is a wallet solution created by the IOTA Foundation for holding and transacting with the IOTA token.
IOTA tokens worth anywhere between $300,000 to $1.2 million may have been stolen, Dominik Schiener, co-founder at the IOTA Foundation, said.
The Foundation says it has contacted law enforcement agencies in order to begin an investigation into the matter, and will be releasing an update report after the probe is completed.
Schiener told The Block:
“We’re currently looking into this issue together with several security analysts to get a full picture on where the vulnerability came from. It is not related to IOTA itself, but rather our Trinity wallet.”
He added:
“Most likely we are looking at a malicious dependency or even more sophisticated attack related to a third-party integration. We are already in touch with law enforcement and are getting the complete picture of the extent of the attack, but we are most likely looking at around $300k – $1.2m in losses.”