After an apparent hack of the official IOTA wallet (MIOTA) on February. 12, the IOTA Foundation has released a secure desktop version of the Trinity wallet.
According to a Feb. 17 update post, IOTA should update their Trinity apps to securely check their balances and transactions through Trinity 1.4.1, a new version designed to remove the recently detected vulnerability from the portfolios.
Released on February 16, the new version of the wallet is apparently not the complete solution for the recent infringement because the IOTA special network coordinator is still on hold. According to an update posted on February. 16, the coordinator remains disabled because the foundation is completing their “recovery plan”, preventing users from sending value transactions.
According to the latest update, the IOTA Foundation will only restart the coordinator after users have migrated their tokens to secure seeds. The foundation noted that IOTA will release the seed migration tool in “coming days” and notes that the action will be another important measure to protect user funds. They wrote:
“By migrating your tokens to new, safe seeds before the coordinator is restarted, you do not allow the attacker to do unauthorized transfer of your tokens if he / she has not already done so.”
In the last report, IOTA also noted that the IOTA security team has succeeded in discovering that the hack started on or around January. 25, 2020, reportedly targeted only at Trinity users on desktop. However, the company still recommends that both desktop and mobile users migrate their tokens to a new seed once the migration tool is released.
According to information on the thread, the IOTA Foundation has not yet calculated the sum of the losses due to the hack. As the company is still finalizing its remediation plan, it seems unclear how much money has been lost as a result of the attack. In a February 14 update, IOTA explicitly noted that some funds have been stolen:
“The stolen funds were deliberately and repeatedly merged and split to cover up the investigation […] Our current assumption is that the offender first focused on high value accounts before moving to smaller accounts and then being prematurely interrupted by the coordinator’s stopping. “
In addition, some online users have expressed confidence that the lost money will be reimbursed. According to some reports, the Trinity desktop wallet may have lost between $ 300,000 and $ 1.6 million.
Although the IOTA Foundation stressed that the recent exploit only applies to the Trinity Wallet, and the IOTA core protocol was not violated, some users suggested that the security breach could be attributed to the IOTA Foundation. The Trinity Wallet was officially issued by the IOTA Foundation in July 2019, touted as a major improvement in ease of use and security for users who carry out transactions in IOTA.
The IOTA Foundation, a company that maintains MIOTA, the 22nd largest crypto-asset through market capitalization, is already known to have network problems. At the end of 2019, IOTA users were unable to confirm transactions for 24 hours due to an incident with a mainnet. Despite the hacking news, MIOTA has risen nearly 7% over the past 24 hours compared to the press time, according to Coin360.