IOTA - Thousands of Wallets Compromised and Funds Stolen

[MadMac]

Your Bitcoin private key stays private when your Bitcoin client doesn't send it to someone else. The same applies to IOTA.

What point did you not understand? You need to use your private key, which they call seed, every time you want to log into your wallet. There is no password you can set. It is just openly exposed, be it a keylogger, someone monitoring your connection or prying eyes. It happened not only once, now someone stole some billions of dollars from wallets, and that guy from IOTA, Ralf, writes, it was your own fault. Ridiculous.

No, it was clearly IOTAs fault to not put any protective measures in place and expose people to their design flaws, now we have the disaster. And they say "oh sorry, we are just open source, we were lazy and stupid, but in the end it was only your fault, not ours". Not acceptable.

[exadex.org]

This is true, but the hack happened more than months ago, or did it happened again? IOTA is not safe, and that is why i do not like to keep it over the exchanges, because it is 10 times more risky than just having it on your wallet.

This happened 2 or 3 days ago. Short: They didn't fix it and now it exploded.

[MadMac]

This happened 2 or 3 days ago. Short: They didn't fix it and now it exploded.

It is still going on right now.

[anasso]

Iota devs warned people many times against online seed generators.

if you are lazy to create your own seed, you can use an online seed generator but change some caracters bofore using it.

[exadex.org]

What point did you not understand? You need to use your private key, which they call seed, every time you want to log into your wallet.

I'm trying to explain it one last time. You also need your Bitcoin private keys every time you use your Bitcoin wallet. The Bitcoin wallet could easily send those private keys to anyone.

[MadMac]

Iota devs warned people many times against online seed generators.

if you are lazy to create your own seed, you can use an online seed generator but change some caracters bofore using it.

Sure, they said this after the disaster happened. Cleverly played.

[MadMac]

What point did you not understand? You need to use your private key, which they call seed, every time you want to log into your wallet.

I'm trying to explain it one last time. You also need your Bitcoin private keys every time you use your Bitcoin wallet. The Bitcoin wallet could easily send those private keys to anyone.

And you obviously don't use a Bitcoin wallet. I never ever need to input my private key in any form to open it.

[exadex.org]

LOL it's saved in a wallet.dat file but that makes no difference.

[lncm]

There is some open source html code seed generator that you can download and run offline. I did that.
Just checked it, my IOTA is safe.

Having said that, don't having a wallet able to generate its own seed and encrypt itself with a password was a disaster waiting to happen.

I can't believe why IOTA developers still didn't fix it ASAP.  

[MadMac]

LOL it's saved in a wallet.dat file but that make no difference.

So why do you compare it then with IOTA? Apples and Oranges. And I can password protect my Bitcoin wallet. In IOTA I have to openly enter my private key, no protection at all.

[Sonosax]

how has this not seriously dumped in the past few days?

Its interesting if you google IOTA WALLET HACK lots of posts from Nov/Dec regarding people getting their lite wallet hacked.

[exadex.org]

LOL it's saved in a wallet.dat file but that make no difference.

So why do you compare it then with IOTA? Apples and Oranges. And I can password protect my Bitcoin wallet. In IOTA I have to openly enter my private key, no protection at all.

I see you won't get it.

[zzHQzz]

Tbh the info about online generators was here before IOTA even came to the market (or maybe close to the same time, but still). So no offence but yeah, there is some% of user's fault. However there's definitely should a warning every time you creating a wallet. Similar things happened so many times already still even the biggest projects are not cautios and responsible enough  

[exadex.org]

Adding a seed generator to the client some months ago when the problem became clear would have prevented this issue.

[thrax]

how has this not seriously dumped in the past few days?

Its interesting if you google IOTA WALLET HACK lots of posts from Nov/Dec regarding people getting their lite wallet hacked.

I expected a bigger dump. It went from a high of 0.00027 bitcoins to a low of 0.00021 bitcoins during the last week. Iota's marketcap is $7,523,410,208 USD today, so if 1.5 billion USD worth has been stolen that would mean one in every five coins were stolen. Is the 1.5 billion USD figure based on blockchain analysis of coin movements?

[exadex.org]

Is the 1.5 billion USD figure based on blockchain analysis of coin movements?

I guess it's not based on anything, just a random number that sounds good.

[CrypticInvest]

... you expose your private keys to your Bitcoin wallet the same way that you enter a pass phrase to login to your IOTA account.

No, you don't. At no time do you expose your private key. You enter a password, so your wallet is password protected (which IOTA cannot do). And that's it. The private key stays private.

so myetherwallet is not safe because u can login with just some random characters and u can't protect it with password 

No. Your MyEtherWallet is absolutely safe, if you are using an encrypted UTC file, or better still use MetaMask Chrome add on.

Hope this helps.

[exadex.org]

No. Your MyEtherWallet is absolutely safe, if you are using an encrypted UTC file, or better still use MetaMask Chrome add on. Hope this helps.

Obviously you didn't get the irony of his post.

[Sachubaba]

I expected a bigger dump.

Many IOTA holders are still to know about it....

[MadMac]

Again, as this is still ongoing

If your funds were stolen, please report the address it was sent to here:

https://forum.helloiota.com/9284/Call-to-action-lets-catch-the-thief

That is time critical to get these accounts blocked!