IOTA Foundation, the non-profit behind the IOTA decentralized network, has suspended its network on Wednesday following multiple reports of thefts from Trinity wallets.
“After [the] initial investigation, we decided to turn off the Coordinator to make sure no further theft can occur until we find out the root cause of these thefts,” IOTA said.
The foundation also detailed that it has identified around ten victims, and the total loss has been estimated between $300,000 to $1.2 million worth of IOTA tokens.
About $1.6 Million USD worth of #iota have been stolen from ~10 high-value accounts. Bug is likely in the (official) desktop wallet. Network completely stopped for nearly 24 hours now.#IOTAstrong just keeps on giving. pic.twitter.com/CMwyRRtYy0
— 00xou (@00xou) February 13, 2020
IOTA Foundation is also working with law enforcement to investigate the theft. In addition, “cyber forensic experts” are also working with the team to perform deep scans of Trinity’s dependencies as well as affected systems.
“We’ve shifted the complete focus of all relevant resources of the IOTA Foundation to this investigation last night and we have been working in teams to investigate [the] impact and cause together with the identified victims,” the official announcement stated.
No root cause has been identified yet
Though the investigation is still ongoing and the organization is still evaluating multiple possible root causes for the theft, the investigators are suspecting that the perpetrators had exploited a vulnerability in the Trinity wallet.
“We have been working on the investigation of attacked seeds and analyzed the attack pattern, using a set of newly developed tools, as well as finishing a complete manual verification (to validate tooling reliability),” IOTA added.
A few exchanges also reported that no stolen funds had been transferred to their platform for liquidation; however, with the presence of numerous trading platforms, this cannot be guaranteed.
“Due to the ongoing investigation of the root cause, we will continue to halt value transactions on the network. Please note that data transactions are not affected,” the organization added.