IOTA Foundation, the nonprofit organization behind the IOTA distributed network, said Thursday that funds have been stolen from users of the Trinity wallet software.
The Germany-based organized announced Wednesday that it moved to turn off the Coordinator node that the foundation currently controls, which, under normal circumstances, ensures the finality and validity of individual transactions that are linked together on the IOTA network. The Foundation said it had done so “to make sure no further theft can occur until we find out the root cause of these thefts. Further investigation taking place from here on.”
Per IOTA Foundation’s latest status update, released earlier today, “[v]ictims (around 10 that identified with the IOTA Foundation so far) all seem to have recently used Trinity.” Trinity is a wallet solution developed by the Foundation to support the IOTA token.
Between $300,000 to $1.2 million worth of IOTA tokens are believed to have been stolen, according to IOTA Foundation co-founder Dominik Schiener.
The Foundation said it has already engaged relevant law enforcement agencies to investigate the issue, and will share a report once the investigation is concluded.
IOTA Foundation co-founder Dominik Schiener told The Block in an email: “We’re currently looking into this issue together with several security analysts to get a full picture on where the vulnerability came from. It is not related to IOTA itself, but rather our Trinity wallet.”
He went on to explain:
“Most likely we are looking at a malicious dependency or even more sophisticated attack related to a third-party integration. We are already in touch with law enforcement and are getting the complete picture of the extent of the attack, but we are most likely looking at around $300k –