Over $4 million worth of IOTA tokens were recently stolen by hackers in one of the most unusual forms of hacking! An online seed generator was responsible for this hack. The website has since been taken down. In most cases of hacking, it is an exchange's or a platform's security that is at fault. This time, however, it is a case of sheer user negligence.
When a user creates an IOTA wallet, they are asked to provide a string of 81 characters known as a ‘seed’, which is then used to log on to their account. There are many safe, offline methods to generate this string of characters, and IOTA provides a detailed set of instructions on how to do it. However, users sometimes take an easier route and depend on online seed generators.
These generators provide the users with a set of 81 random characters. However, those who had generated their seeds using the iotaseed.io website were in for a shock yesterday when they found their funds missing from their wallets! At this moment it is unknown how many people have been affected by this hack, but several dozen people are likely to be affected.
The iotaseed website went down after the attack with a message that said ‘Taken down. Apologies’. The current assumption is that the website itself wasn’t malicious but was compromised by hackers. The website has since gone live and is operating again, presumably safe to use and hacker-free now.
The hackers were likely planning this attack for a while, because there was a DDoS attack on most IOTA full nodes this week. This was done so that the nodes would go offline and the hack victims could not reclaim their money. This is a lesson in why the more complicated route is sometimes the more secure one. There are possibly other seed generators which are affected, and users are best advised to change either their seeds or their wallets!
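One way to generate the 81-character seed offline, as the article recommends (an added example, not IOTA's official instructions or code from the original page). It assumes the seed alphabet is the uppercase letters A-Z plus the digit 9, which the article does not state; the `read_random` parameter and function names are hypothetical.

```python
import os
import string

# Assumed IOTA seed alphabet (not stated in the article): A-Z plus '9'.
TRYTE_ALPHABET = string.ascii_uppercase + "9"
SEED_LENGTH = 81  # seed length given in the article

# Largest multiple of 27 that fits in a byte (243). Bytes at or above this
# are discarded so that each of the 27 symbols is equally likely; a plain
# "byte % 27" would make the first 13 symbols slightly more probable.
_LIMIT = (256 // len(TRYTE_ALPHABET)) * len(TRYTE_ALPHABET)


def generate_seed(read_random=os.urandom):
    """Return an 81-character seed drawn from the operating system CSPRNG.

    read_random is a hypothetical injection point (a callable that takes a
    byte count and returns that many bytes) so the sampling logic can be
    checked against constructed input. The default never touches the network.
    """
    chars = []
    while len(chars) < SEED_LENGTH:
        for byte in read_random(SEED_LENGTH - len(chars)):
            if byte < _LIMIT:  # rejection sampling: skip biased values
                chars.append(TRYTE_ALPHABET[byte % len(TRYTE_ALPHABET)])
    return "".join(chars[:SEED_LENGTH])


def is_valid_seed(seed):
    """Check length and alphabet before a seed is used in a wallet."""
    return len(seed) == SEED_LENGTH and all(c in TRYTE_ALPHABET for c in seed)


if __name__ == "__main__":
    # Run on a machine you trust, ideally with networking disabled.
    print(generate_seed())
```

Unlike a seed obtained from a website, a seed produced this way is never seen by a third party.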