IOTA fixes bug in desktop cryptocurrency wallet after crooks make off with more than $1m, but network has remained offline since last week
The IOTA Foundation has released a new version of its Trinity desktop cryptocurrency wallet, fixing bugs thought to have been used to steal more than $1 million (£770,000) worth of IOTA currency last week.
The theft prompted IOTA to effectively take the entire cryptocurrency offline, and it remained offline as of early Monday morning as the organisation finalised its remediation plan.
IOTA has not detailed how much was stolen, but unconfirmed reports said the thefts made off with a total of about $1.6m from about 10 high-value accounts.
After the hack occurred on Wednesday, 12 February, IOTA took the cryptocurrency’s “Coordinator” node offline, effectively barring any further value transactions from occurring.
The organisation also advised users not to open the Trinity online wallet until the vulnerability had been patched.
Monday’s release of a new version of the desktop edition of Trinity allows users to check their balances and transactions.
“This version (1.4.0) removes the vulnerability announced on 12th February 2020,” IOTA said in an advisory.
The group advised users to contact IOTA via the Discord communications platform if they see outgoing transactions that look fraudulent.
While the mobile version of Trinity isn’t thought to have been affected by the attack, IOTA advised users not to open it until a new version is released.
“The Coordinator remains down for now as we finalise our remediation plan,” the group stated. “You will not be able to send value transactions.”
On Saturday IOTA said it had fixed the security vulnerability and was working on an analytics toolset that would help investigators track the stolen funds.
It said the situation was “complex” and thanked users for their patience.
IOTA shut down the network within 25 minutes of receiving reports that hackers were stealing funds from users’ wallets, according to its status page.
The vulnerability affected a “third-party integration” of Trinity, the group said at the time. IOTA said it is working with law enforcement to track down the attackers.
The currency’s value has fallen from $0.35 on Wednesday to a current value of around $0.27.