IOTA - Thousands of Wallets Compromised and Funds Stolen

[exadex.org]

Looks like they just ignored the users who told them to add a seed generator to the client. This would have easily prevented this situation.

Although it's still stupid to use an online service that generates your passwords.

[1715535195]

1715535195

[1715535195]

1715535195

[1715535195]

1715535195

[1715535195]

1715535195

[1715535195]

1715535195

[MadMac]

I personally got 5 Gi stolen, that is about 15kUS$, saw one guy posting today that lost 150kUS$.

The big problem with that whole IOTA system is that they use the seed, which is similar to the private key, and no password or any protection at all, to log into their system. At least one could call it a huge design flaw. I'd call it putting everybody in huge, unnecessary risk. And that is not the first time this happens. A private key should never be exposed to anything. Never. And they require it as part of their regular usage.

[exadex.org]

A private key should never be exposed to anything. Never

Then stop exposing your private keys to your Bitcoin wallet.

[BitcoinTurk]

Ha ha ha it's a very funny situation for IOTA investors because everybody thinks IOTA is good for investing. But i say again, ''IOTA is not investing coin, it is a just PUMP coin. IOTA technology and IOTA investments are dead investment.

[MadMac]

Then stop exposing your privates keys to your Bitcoin wallet.

What's that supposed to mean? Your Bitcoin (and Altcoin) wallet private key is never exposed, never used to log into you wallet, never created online, and untouchable to anyone, unless you decide to post it online somewhere.

IOTA on the contrary requires the seed, which is the private key, to log into your wallet. You can not even use that wallet to create this key aka seed locally. The functionality does not exist. And there is no way to password protect it, actually there are no means at all to protect it.

[anthi]

don't blame iota for the stupidness of people

everyone who uses a 3rd party seed generator from questionable sources and then just copies this seed 1 to 1 should be aware that his funds aren't safe

if u are lazy you could even take the so generated seed and just change a few letters with others and or replace a few for 9s
thats enough to secure the seed but sure its not enough to take the risk and just hope for the best

[MadMac]

I disagree. It is a huge design flaw. The very thing they would need to implement is:
1) create seeds locally
2) password protect the wallet.

[MadMac]

Wow crazy, always felt skeptical about not using a wallet through Ledger. I've used a couple wallets to get off the exchange and stake. Wish they were ledger supported.

That would not have protected you, unless the Ledger would have created the seed. Their wallet can not do it, so you are always depending on a third party solution or your own luck with a dice.

[QFT]

The next big hack, 1.5 billion...an enormous amount. I already got rid of iota, but it always sucks to see news like this.
Sorry for the people that got affected.

[MadMac]

If your funds were stolen, please report the address it was sent to here:

https://forum.helloiota.com/9284/Call-to-action-lets-catch-the-thief

That is time critical to get these accounts blocked!

[gikere]

If you bought IOTA, check your wallet. Chances are high that it is empty now.

Don't believe me? Open it and find out yourself that all your funds have been stolen.

How so? People were told to use online seed generators. Yes, a seed, online. Not from the wallet itself, no password, not protection at all. And one clever chap collected all the generated seeds and just cashed in.

What can you do? If it is still "Pending" then check out this posting from the official IOTA forum. If it says confirmed as it does for me, funds are gone.

https://forum.helloiota.com/9100/To-everyone-posting-with-stolen-balances

IOTA tries to blame people now for using the online seed generators. I think the party to blame is IOTA itself, for not putting a seed generator in their light wallet, and for not password protecting it.

This actually calls for class action as thousands of accounts were compromised!

(my x-post from Steemit)

ONLINE, SEED, GENERATORS
What the hell? Why anyone dumb enough to allow this kind of feature exist, let alone user using it.

[The One Who Knocks]

I mean, who in their right mind would use a 3rd party online seed generator without knowing anything about it? This more than proves that people just care about cryptos just for their value and do not spare enough of their time to search for what it means and the whole world about it...

[exadex.org]

Then stop exposing your privates keys to your Bitcoin wallet.

What's that supposed to mean?

When you use the Bitcoin Core client for example, you have a wallet.dat file where your private keys are saved. You need this file to access your Bitcoins and by this, you expose your private keys to your Bitcoin wallet the same way that you enter a pass phrase to login to your IOTA account.

[MadMac]

I mean, who in their right mind would use a 3rd party online seed generator without knowing anything about it? This more than proves that people just care about cryptos just for their value and do not spare enough of their time to search for what it means and the whole world about it...

Well, as a developer of that currency I'd have put that functionality into the wallet/client as all other coins do it to create the private key locally. They just forgot about it it seem. And one was and still is required to use 3rd party solutions as this functionality does not exist, to date. There is no way to create a private key/seed with the IOTA wallet. So it will happen again. Ignorance of the developers, and people simply don't know and are led into loss. Not the first time with IOTA.

[MadMac]

... you expose your private keys to your Bitcoin wallet the same way that you enter a pass phrase to login to your IOTA account.

No, you don't. At no time do you expose your private key. You enter a password, so your wallet is password protected (which IOTA cannot do). And that's it. The private key stays private.

[coolcountry]

$1.5bn is no small amount. Really makes you wonder how patient these scammers were, you have to wait a considerable time for your seed generator to become popular and then extract all that money in one fell swoop. Sorry for people who lost their money, but we have to understand that owning coins is not like putting banknotes in your wallet; you have to remain vigilant at all times.

[exadex.org]

Your Bitcoin private key stays private when your Bitcoin client doesn't send it to someone else. The same applies to IOTA.

[bit247]

IOTA is just another shitcoin, lol

[aznboy84]

If you bought IOTA, check your wallet. Chances are high that it is empty now.

Don't believe me? Open it and find out yourself that all your funds have been stolen.

This is true, but the hack happened more than months ago, or did it happened again? IOTA is not safe, and that is why i do not like to keep it over the exchanges, because it is 10 times more risky than just having it on your wallet.

[Dahman El_Harrachi]

... you expose your private keys to your Bitcoin wallet the same way that you enter a pass phrase to login to your IOTA account.

No, you don't. At no time do you expose your private key. You enter a password, so your wallet is password protected (which IOTA cannot do). And that's it. The private key stays private.

so myetherwallet is not safe because u can login with just some random characters and u can't protect it with password