IOTA Users Robbed of 4 Million Dollars
January 22, 2018
An unknown attacker or a group of them stole IOTA tokens worth $4 million from wallets of users. As it turned out, all victims used the same website to generate a seed phrase.
IOTA-wallets require an 81-character seed phrase entered by the user and there is no built-in tool to generate one. That is why, several IOTA users turned to third-party websites to generate a seed phrase, because they failed to come up with one themselves or was too lazy for it. One of these websites called iotaseed.io allegedly is a fraudulent one, since it is taken down at the moment. The point is that a seed phrase acts as a private key, and if someone gets to know a seed phrase of a wallet, this person might take full control over this wallet.
IOTA evangelist Ralf Rottman wrote:
"On January 19th, 2018, some IOTA users lost their funds to an unknown attacker. The good news: The IOTA technology is secure. The attacker did not leverage any vulnerability. The root cause so this could happen was for users to rely on online generators to create their seeds. If you take only one thing away from this: Never, ever use online tools to generate your seeds."
It is worthy to note that members of IOTA team always urge users, who generate their seed phrases on third-party websites, to at least change some part of it for self-defense purposes.