Following a wallet hack, the IOTA Foundation hits turbulence
IOTA had been growing in importance since its release in 2015, and it recently had good news to share: the details of its long-awaited “Project Q”, and its partnership with InnoEnergy. As pointed out in “The Tangle”, BNC’s original analysis of IOTA, the Internet of Things (IoT) technology that underpins IOTA shows much promise as a natural evolution of blockchain.
Last month IOTA was hit with a hack. In this article, we'll look at the details of the hack, what it means for investors, and whether the focus of IOTA – the IoT – makes it particularly vulnerable to attack.
The Hack
On February 12, 2020, the IOTA Foundation sent out a tweet telling users that its dedicated desktop client, Trinity, had been compromised. Within 25 minutes of receiving information that coins were being stolen from user wallets, the IOTA Foundation took the unprecedented decision to shut down the “coordinator” node in the IOTA network. This had the effect of shutting down all IOTA trading.
In reports over the next few days, the IOTA Foundation released further details of the hack. They blamed a “third-party integration” into the Trinity client, without specifying which one, and said that miscommunication between back-end and design staff had led to a bug being introduced into the system. The hackers appear to have targeted 10 high-worth IOTA accounts and managed to steal $1.6 million worth of IOTA coins before the system went offline.
The IOTA Foundation also sought to reassure investors. It confirmed that law enforcement officials had been informed about the theft, and would be attempting to track the attackers. It also said that the Trinity wallet client would not be put back online until the bug was completely eliminated.
What it means for investors
The details of the hack came as a surprise to many investors. Not only was a bug found in a fundamental part of IOTA’s systems – the Trinity system – but the decision to take the cryptocurrency completely offline is almost unheard of.
Despite this, in a sign of the crypto market’s inefficiencies, the market valuation of IOTA did not drop significantly. Fully 24 hours after the attack, the coin’s value had only dropped $0.06, from $0.35 to $0.29.
There are (at least) two possible explanations for this, and which you believe will depend on your view of altcoins more generally. Some have suggested that the relatively small drop in IOTA, despite the coin being exposed as vulnerable and being rendered useless for a significant period of time, is evidence that the altcoin market is still immature and that financial literacy among investors is at all-time lows. Altcoins like IOTA, goes this line of reasoning, should take a huge dive in the aftermath of this kind of attack, even if only 10 accounts are compromised.
The other explanation is that IOTA remains a promising asset, despite such short-term setbacks. At its core, the Internet of Things industry that the coin is based on continues to show impressive year-on-year growth, and appears poised to be a major part of the tech landscape within the decade. Looked at in this context, the details of the hack can be seen to have a different valence. Instead of indicating panic, the immediate shutdown of the currency perhaps indicates that the IOTA Foundation is taking theft extremely seriously.
What it means for IOTA
IOTA seems to have emerged from the attack relatively unscathed and retained the support of its existing investors.
Whether this is justified is a more complex question. There are still significant security concerns with the IoT networks that IOTA is based on, and news stories like the continual rebirth of the Mirai malware do little to reassure investors.
These concerns are compounded by the way the IOTA Foundation has used Trinity as a dedicated client for investors. The company claims that this tool allows investors a greater deal of freedom and flexibility than traditional wallets; others point out that wallets like this, and especially their third-party integrations, remain a major target of cryptojacking.
At the broadest level, the hack illustrates the fear that non-PoW coins remain more susceptible to attack than their PoW cousins, because taking PoS staking power is often easier than implementing a 51% attack by means of PoW majority share over the entire coin network. This is particularly true when one aspect of the recent hack is thought about more deeply: just how much of the total stake did the 10 compromised accounts represent?
If, in other words, these "top 10" accounts held more than 51% of the total stake of IOTA, the attackers would have been able to take control of the coin in its totality. This is only speculation, of course, but it could explain why the IOTA Foundation was so keen to shut the coin down.
The Future
For now, however, IOTA remains stable. Whether this will remain the case will depend to a large degree on its response to the recent hack, and to the criticisms that have come alongside it. In short, this is a critical juncture for the coin, and there are plenty of similar coins – not least BURST – waiting in the wings to claim a part of the valuable IoT market.
Finally, on March 6, the founder of IOTA, David Sønstebø, stated that he would personally reimburse the victims of the IOTA hack to the tune of 8.52 million MIOTA, worth around $1.8 million.
The IOTA Foundation hopes to relaunch the network this week.
Samuel Bocetta, Khareem Sudlow