Recent IOTA vulnerability: Example of poor vetting by investors

[shyliar]

Interesting article on the recent IOTA vulnerability that goes into the lack of proper vetting by investors. Really makes you wonder why new coins that haven't been vetted have billion dollar valuations. The typical cryptocurrency investor just isn't that smart.

https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367

"You might think that IOTA, a cryptocurrency worth over a billion dollars, and working with organizations like Microsoft, University College London, Innogy, and Bosch, BNY Mellon, Cisco, and Foxconn (through the Trusted IOT Alliance) would not have fairly obvious vulnerabilities, but unfortunately, that’s not the case. When we took a look at their system, we found a serious vulnerability and textbook insecure code."

"Many investors are relying on signaling — if enough well-known institutions like universities or large companies sign on as investors or advisors, it indicates approval of the project and its software. The problem is that some of these technologies have serious issues, and the large companies and well-known individuals either aren’t doing due diligence and investing the resources and time needed to evaluate the projects with which they are partnering, or aren’t sharing their findings with everyone else. The cryptocurrency space still doesn’t have a good way to assess these projects."

[gfunk]

Yep.

I just cut my losses and dumped my IOTA.

There are so many currencies that have serious problems, e.g. Bytecoin took like 6 months to patch a known flaw that enabled anyone to print as many coins as they want due to a flaw in their implimentation of the EC scheme they used. Dash is still going around pretending it has privacy (and all these people who can't write a line of code believe it). Ripple isn't even a cryptocurrency. Etc etc.

I'm becoming more of a Bitcoin-only guy every day.

[shyliar]

Also you look at the top coins and except for bitcoin and litecoin the distribution included some type of "premine" or questionable distribution method, followed by massive marketing. It's as if the entire community has been conned.

[oharac]

Have you guys read the entire article?
There is no vulnerability right now.
You guys know better than me most of the people wont even go to that link and read the article. They will just read what you quoted on this topic and react with only that information.
Please dont be selective when you give information. Give all the facts.

And please read this one too:
https://medium.com/@jer979/disclosure-im-an-advisor-to-iota-4956de37cfa0

[Daydream 61]

if many people because of these items iota i sell we can iota cheap shopping .if the price falls still further I will buy
is then a good opportunity to fill his wallet  no risk no fun

[Red_Sanford]

Most projects have had security flaws. DAO anyone ? How about the report released last year about 80% of Monero transactions prior to 2016 that had the ability to be tracked ?

The DAO was an example of the first smart contract
Monero is based on anonymity
Parity Wallet anyone

The list goes on..

This is par for the course in emerging technology

Scoop em up while you can, the price will recover

[Shoxc]

Have you guys read the entire article?
There is no vulnerability right now.
You guys know better than me most of the people wont even go to that link and read the article. They will just read what you quoted on this topic and react with only that information.
Please dont be selective when you give information. Give all the facts.

And please read this one too:
https://medium.com/@jer979/disclosure-im-an-advisor-to-iota-4956de37cfa0

Problem is, that many people come here for quick money and invest in coins they have never heard of. When you watch the chat on (for example) liqui and how people react on ridiculous postings in there, you know that there are way to many people gambling without having any clue.

[shyliar]

Have you guys read the entire article?
There is no vulnerability right now.
You guys know better than me most of the people wont even go to that link and read the article. They will just read what you quoted on this topic and react with only that information.
Please dont be selective when you give information. Give all the facts.

And please read this one too:
https://medium.com/@jer979/disclosure-im-an-advisor-to-iota-4956de37cfa0

Well people who don't read links that are provided shouldn't even be investing in cryptocurrency. Providing a link is providing a great deal of information. More than the typical post. Your complaint is somewhat unfounded; but, I have modified the title of the thread to reflect more of the content.

If you read the article again you'll discover that the authors agree that the IOTA team did make changes that prevented their specific attack. They also go on to raise additional red flags about the code. This indicates that in their opinion the IOTA code still needs to be fully vetted.

I think you're missing the point of the tread as outlined in the first two sentences of the original post.

"Interesting article on the recent IOTA vulnerability that goes into the lack of proper vetting by investors. Really makes you wonder why new coins that haven't been vetted have billion dollar valuations."

Please feel free to interchange the word IOTA with various other coins. The fact is again and again amature coding is appearing in multiple coins (this time it just happens to be IOTA). Meanwhile the marketing arms of those coins promote their code as cutting edge technology. Since when has poor code been cutting edge? In their marketing they attack proven well vetted code like bitcoin as being obsolete. As if being highly secure doesn't matter.

[JesusCryptos]

It is truly completely incredible that billions of dollars get invested just on the "belief" that the code is safe, when in fact it is not. Guess if those who have found Iota's vulnerability would have been bad guys instead of good guys...

[joshki]

Have you guys read the entire article?
There is no vulnerability right now.
You guys know better than me most of the people wont even go to that link and read the article. They will just read what you quoted on this topic and react with only that information.
Please dont be selective when you give information. Give all the facts.

And please read this one too:
https://medium.com/@jer979/disclosure-im-an-advisor-to-iota-4956de37cfa0

You're technically not correct.  Stating that "there is no vulnerability right now", when the broken and homespun hash function they built is still in use in the cryptosystem is a bold statement that doesn't have any backing and is probably incorrect.

They patched the *specific* vulnerability they were told about, unwillingly.  Their reaction and their software development has clear issues and this crypto is probably not long for the world. 

[joshki]

It is truly completely incredible that billions of dollars get invested just on the "belief" that the code is safe, when in fact it is not. Guess if those who have found Iota's vulnerability would have been bad guys instead of good guys...

Also, who is to say that others haven't found and exploited it?

It's likely they have.  The bad guys looking for profit tend to be a whole lot more motivated than researchers for MIT who are doing it for the greater good.

[tk808]

It is truly completely incredible that billions of dollars get invested just on the "belief" that the code is safe, when in fact it is not. Guess if those who have found Iota's vulnerability would have been bad guys instead of good guys...

You have a lot to learn. Digital currencies aren't about code, or what they represent, it's all about marketing and getting the bandwagon of people on the hype-train. After investors have profited, noone really gives two shits about any coin, it's all the same type of investment from a traders prospective. As long as the information and news around the coin continues, that coin will be a good investment.

The only coin that has any worthwhile value still remains Bitcoin due to it's depth and being the standard to trade currencies in. Every other coin, is just a coin.

[joshki]

Have you guys read the entire article?
There is no vulnerability right now.
You guys know better than me most of the people wont even go to that link and read the article. They will just read what you quoted on this topic and react with only that information.
Please dont be selective when you give information. Give all the facts.

And please read this one too:
https://medium.com/@jer979/disclosure-im-an-advisor-to-iota-4956de37cfa0

Well people who don't read links that are provided shouldn't even be investing in cryptocurrency. Providing a link is providing a great deal of information. More than the typical post. Your complaint is somewhat unfounded; but, I have modified the title of the thread to reflect more of the content.

If you read the article again you'll discover that the authors agree that the IOTA team did make changes that prevented their specific attack. They also go on to raise additional red flags about the code. This indicates that in their opinion the IOTA code still needs to be fully vetted.

I think you're missing the point of the tread as outlined in the first two sentences of the original post.

"Interesting article on the recent IOTA vulnerability that goes into the lack of proper vetting by investors. Really makes you wonder why new coins that haven't been vetted have billion dollar valuations."

Please feel free to interchange the word IOTA with various other coins. The fact is again and again amature coding is appearing in multiple coins (this time it just happens to be IOTA). Meanwhile the marketing arms of those coins promote their code as cutting edge technology. Since when has poor code been cutting edge? In their marketing they attack proven well vetted code like bitcoin as being obsolete. As if being highly secure doesn't matter.

There are also articles out today talking about the centralization of iota, and the relationship between iota and bitfinex.  Neither of those is a good thing.

[joshki]

It is truly completely incredible that billions of dollars get invested just on the "belief" that the code is safe, when in fact it is not. Guess if those who have found Iota's vulnerability would have been bad guys instead of good guys...

You have a lot to learn. Digital currencies aren't about code, or what they represent, it's all about marketing and getting the bandwagon of people on the hype-train. After investors have profited, noone really gives two shits about any coin, it's all the same type of investment from a traders prospective. As long as the information and news around the coin continues, that coin will be a good investment.

The only coin that has any worthwhile value still remains Bitcoin due to it's depth and being the standard to trade currencies in. Every other coin, is just a coin.

I wouldn't go quite that far, by that measure alone ltc is in the same league and ETH (as much as I hate to say it because I still call the whole thing a scam) has the same treatment from many exchanges.

[digaran]

People never vetted Bitcoin until 1-2 years ago, no actually until a few months ago when the scandal of ASICboost became a news and shattered our beliefs about due diligence of Bitcoin experts, every body trusted them, if segwit wasn't disabling the asicboost I would've advised every body to clean their hands off the Core team. nowadays every ICO coin is claiming to be the best crypto currency. IOTA ICO coin doing the same thing. when a dev calls his 100% pre-mined coin better than Bitcoin you should know the rest like a script written for all of the likes of it.

[shyliar]

People never vetted Bitcoin until 1-2 years ago, no actually until a few months ago when the scandal of ASICboost became a news and shattered our beliefs about due diligence of Bitcoin experts, every body trusted them, if segwit wasn't disabling the asicboost I would've advised every body to clean their hands off the Core team. nowadays every ICO coin is claiming to be the best crypto currency. IOTA ICO coin doing the same thing. when a dev calls his 100% pre-mined coin better than Bitcoin you should know the rest like a script written for all of the likes of it.

I would suggest that you're comparing Apples to Oranges; but, those are at least similar in that they are both fruit.

Firstly, I do agree as you said that every "ICO coin is claiming to be the best crypto currency". That said Bitcoin wasn't handed a billion dollar valuation overnight because someone said it was really good. It earned it by proving how good it was. It took years not minutes. The point being made in the article is that just saying something is good and giving it a billion dollar valuation is absurd.

Secondly, you're suggesting that a text book coding mistake that allows someone to steal your coins is similar to a advanced hardware implementation of a technique that gives a miner an advantage in finding a block. They are not similar.

Additionally, the technique was actually patented in 2014 after being realized several years earlier. No one in the Bitcoin team tried dismissing it as being irrelevant as the IOTA team supposedly did in this case.

[joshki]

People never vetted Bitcoin until 1-2 years ago, no actually until a few months ago when the scandal of ASICboost became a news and shattered our beliefs about due diligence of Bitcoin experts, every body trusted them, if segwit wasn't disabling the asicboost I would've advised every body to clean their hands off the Core team. nowadays every ICO coin is claiming to be the best crypto currency. IOTA ICO coin doing the same thing. when a dev calls his 100% pre-mined coin better than Bitcoin you should know the rest like a script written for all of the likes of it.

I would suggest that you're comparing Apples to Oranges; but, those are at least similar in that they are both fruit.

Firstly, I do agree as you said that every "ICO coin is claiming to be the best crypto currency". That said Bitcoin wasn't handed a billion dollar valuation overnight because someone said it was really good. It earned it by proving how good it was. It took years not minutes. The point being made in the article is that just saying something is good and giving it a billion dollar valuation is absurd.

Secondly, you're suggesting that a text book coding mistake that allows someone to steal your coins is similar to a advanced hardware implementation of a technique that gives a miner an advantage in finding a block. They are not similar.

Additionally, the technique was actually patented in 2014 after being realized several years earlier. No one in the Bitcoin team tried dismissing it as being irrelevant as the IOTA team supposedly did in this case.

The asicboost thing also doesn't break the coin like the iota hash break did. Very significant difference.

[JesusCryptos]

Have you guys read the entire article?
There is no vulnerability right now.
You guys know better than me most of the people wont even go to that link and read the article. They will just read what you quoted on this topic and react with only that information.
Please dont be selective when you give information. Give all the facts.

And please read this one too:
https://medium.com/@jer979/disclosure-im-an-advisor-to-iota-4956de37cfa0

Well people who don't read links that are provided shouldn't even be investing in cryptocurrency. Providing a link is providing a great deal of information. More than the typical post. Your complaint is somewhat unfounded; but, I have modified the title of the thread to reflect more of the content.

If you read the article again you'll discover that the authors agree that the IOTA team did make changes that prevented their specific attack. They also go on to raise additional red flags about the code. This indicates that in their opinion the IOTA code still needs to be fully vetted.

I think you're missing the point of the tread as outlined in the first two sentences of the original post.

"Interesting article on the recent IOTA vulnerability that goes into the lack of proper vetting by investors. Really makes you wonder why new coins that haven't been vetted have billion dollar valuations."

Please feel free to interchange the word IOTA with various other coins. The fact is again and again amature coding is appearing in multiple coins (this time it just happens to be IOTA). Meanwhile the marketing arms of those coins promote their code as cutting edge technology. Since when has poor code been cutting edge? In their marketing they attack proven well vetted code like bitcoin as being obsolete. As if being highly secure doesn't matter.

There are also articles out today talking about the centralization of iota, and the relationship between iota and bitfinex.  Neither of those is a good thing.

I heard about the centralization of Iota. Some say that the the reason for its insane quotation is precisely the fact that just a few people have too many coins and they won't sell. But that's very very bad for a currency...

[joshki]

Have you guys read the entire article?
There is no vulnerability right now.
You guys know better than me most of the people wont even go to that link and read the article. They will just read what you quoted on this topic and react with only that information.
Please dont be selective when you give information. Give all the facts.

And please read this one too:
https://medium.com/@jer979/disclosure-im-an-advisor-to-iota-4956de37cfa0

Well people who don't read links that are provided shouldn't even be investing in cryptocurrency. Providing a link is providing a great deal of information. More than the typical post. Your complaint is somewhat unfounded; but, I have modified the title of the thread to reflect more of the content.

If you read the article again you'll discover that the authors agree that the IOTA team did make changes that prevented their specific attack. They also go on to raise additional red flags about the code. This indicates that in their opinion the IOTA code still needs to be fully vetted.

I think you're missing the point of the tread as outlined in the first two sentences of the original post.

"Interesting article on the recent IOTA vulnerability that goes into the lack of proper vetting by investors. Really makes you wonder why new coins that haven't been vetted have billion dollar valuations."

Please feel free to interchange the word IOTA with various other coins. The fact is again and again amature coding is appearing in multiple coins (this time it just happens to be IOTA). Meanwhile the marketing arms of those coins promote their code as cutting edge technology. Since when has poor code been cutting edge? In their marketing they attack proven well vetted code like bitcoin as being obsolete. As if being highly secure doesn't matter.

There are also articles out today talking about the centralization of iota, and the relationship between iota and bitfinex.  Neither of those is a good thing.

I heard about the centralization of Iota. Some say that the the reason for its insane quotation is precisely the fact that just a few people have too many coins and they won't sell. But that's very very bad for a currency...

Some of the things I read the other day when the vulnerability was announced make me think there is a good chance it could simply die.  If one of the vulnerabilities they don't know about is exploited, it's going to be a very bad day, and the lack of demand will drive the price to zero and get them delisted very quickly.

[Will.Smith]

Have you guys read the entire article?
There is no vulnerability right now.
You guys know better than me most of the people wont even go to that link and read the article. They will just read what you quoted on this topic and react with only that information.
Please dont be selective when you give information. Give all the facts.

And please read this one too:
https://medium.com/@jer979/disclosure-im-an-advisor-to-iota-4956de37cfa0

Well people who don't read links that are provided shouldn't even be investing in cryptocurrency. Providing a link is providing a great deal of information. More than the typical post. Your complaint is somewhat unfounded; but, I have modified the title of the thread to reflect more of the content.

If you read the article again you'll discover that the authors agree that the IOTA team did make changes that prevented their specific attack. They also go on to raise additional red flags about the code. This indicates that in their opinion the IOTA code still needs to be fully vetted.

I think you're missing the point of the tread as outlined in the first two sentences of the original post.

"Interesting article on the recent IOTA vulnerability that goes into the lack of proper vetting by investors. Really makes you wonder why new coins that haven't been vetted have billion dollar valuations."

Please feel free to interchange the word IOTA with various other coins. The fact is again and again amature coding is appearing in multiple coins (this time it just happens to be IOTA). Meanwhile the marketing arms of those coins promote their code as cutting edge technology. Since when has poor code been cutting edge? In their marketing they attack proven well vetted code like bitcoin as being obsolete. As if being highly secure doesn't matter.

There are also articles out today talking about the centralization of iota, and the relationship between iota and bitfinex.  Neither of those is a good thing.

I heard about the centralization of Iota. Some say that the the reason for its insane quotation is precisely the fact that just a few people have too many coins and they won't sell. But that's very very bad for a currency...

Are there any real information about this aspect? I'm interested in the IOT overall as in idea but i understand that technology is not ready right now. It should a lot of work before something what that mentioned will be ready for implementation in real world. Could you post some link or any evidence about that fact?