Attack on IOTA, funds and seeds stolen from Trinity Wallet

A coordinated attack on the network of the crypto-currency IOTA led to stolen deposits on February 12. The Iota Foundation recommends on its Twitter presence that the Trinity Wallet not be used until more information about the attack is available. At least the desktop version of the Trinity Wallet is affected. The coordinator has been temporarily disabled.


IOTA: Attack on Trinity Wallet began February 12th

The IOTA Foundation warns in its first tweet about the incident on the evening of 12 February:

” We are currently investigating a suspicious situation with Trinity, please do not open or use Trinity Desktop until further notice.”


The status quo

Initially, the talk was of 6 to 7 victims who revealed themselves. They all used the desktop version of the Trinity Wallet. The perpetrator or perpetrators did not use scripts, but carried out the attack manually. After the theft, the perpetrator(s) covered up the traces of the stolen inserts by mixing them.


Today the IOTA Foundation added further information. What exactly happened, however, is still unclear.

” Currently, #IOTA is working with law enforcement and cyber security experts to investigate a coordinated attack that resulted in the theft of funds. To protect users, we have stopped the coordinator and advise users not to open Trinity until further notice.  Updates:”


According to the current information on the status page, the following can already be noted:


  • Seed phrases have been stolen.
  • So far at least ten victims have reported to the IOTA Foundation.
  • All of them have recently used the IOTA Wallet Trinity.
  • Transactional data indicates that at least twice as many victims have been reported.
  • So far the information situation is still contradictory.
  • The coordinator will be shut down until the cause is found.


Attack on IOTA: Coordinator shut down, Tangle unravels

However, shutting down the coordinator de facto paralyses IOTA. This can be seen particularly clearly in the visualization of the network of The tangle (English for “tangle”) currently consists mainly of small groups of unconfirmed transactions that wander around aimlessly. At IOTA each transaction confirms at least two previous ones. Therefore, at least two transactions are linked together in the visualization. The coordinator decides in which direction the tangle will continue.

The still literally central role of the coordinator was last noticed in December 2019. At that time, a bug ensured that the coordinator no longer defined any milestones in the tangle. The IOTA Foundation plans to gradually eliminate the coordinator to make the network more decentralized. Incidents such as the recent find theft are a reminder that these steps cannot be big enough.

But for now, the focus is on finding the root cause. The Foundation promises a comprehensive transparency report as soon as all the details of the attack on IOTA have been clarified.