The hacker executed his scheme on January 19, when he used the information he had gathered (private keys for IOTA wallets) to steal money from users' accounts. The damage was estimated at around USD 3.94 million worth of IOTA at the time of the hack.
To hold IOTA cryptocurrency funds, users need to create a wallet. When users create an IOTA wallet, they are required to enter an 81-character seed. There are various ways to generate this random string, and one of them is to use an online seed generator.
In August 2017, the hacker registered the domain iotaseed.io and advertised it as an online IOTA seed generator. Since most cryptocurrency users are suspicious of random sites, the hacker linked the iotaseed.io website to a GitHub repository, claiming the website was running the very same code.
In reality, people visiting the iotaseed.io website received predictable seeds, which the hacker had secretly logged. The hacker then used advertising to promote the website as the top Google result for "IOTA seed generator" search queries, driving massive amounts of traffic to the site.
On January 19, the hacker used the logs collected over a six-month period to access IOTA accounts with the seeds (private keys) he had collected and started transferring funds out of owners' wallets. Moreover, IOTA network nodes suffered a DDoS attack at the same time, keeping IOTA developers busy instead of investigating the mysterious transactions and possibly stopping them at their origin.
The iotaseed.io website now features a message that reads: "Taken down. Apologies", the online publication concludes.
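The alternative to an online generator is to create the seed on the user's own machine. The sketch below is an added example, not code from the article or from the IOTA project: it draws the 81 characters from the operating system's CSPRNG and contrasts that with a deterministic generator. The tryte alphabet (A-Z and 9) is not stated in the article, and the fixed-state PRNG is an assumed illustration of "predictable", since the article does not say how the site produced its seeds.

```python
import random
import secrets

# IOTA seeds use the tryte alphabet: uppercase A-Z plus the digit 9.
TRYTE_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ9"
SEED_LENGTH = 81  # length stated in the article


def generate_seed() -> str:
    """Generate a seed locally from the operating system's CSPRNG."""
    return "".join(secrets.choice(TRYTE_ALPHABET) for _ in range(SEED_LENGTH))


def predictable_seed(state: int) -> str:
    """Deliberately weak contrast case (constructed for illustration).

    A deterministic PRNG whose state is known to a third party: anyone
    holding `state` can recompute the same seed, which is the property
    the article describes.
    """
    rng = random.Random(state)
    return "".join(rng.choice(TRYTE_ALPHABET) for _ in range(SEED_LENGTH))


def is_well_formed(seed: str) -> bool:
    """Check length and alphabet only; this says nothing about randomness."""
    return len(seed) == SEED_LENGTH and set(seed) <= set(TRYTE_ALPHABET)


if __name__ == "__main__":
    weak_a = predictable_seed(2017)  # constructed state value
    weak_b = predictable_seed(2017)  # a second party with the same state
    # Both copies are well formed, so format checks cannot reveal the problem.
    print("weak seed well formed:", is_well_formed(weak_a))
    print("weak seed reproducible:", weak_a == weak_b)
    strong = generate_seed()
    print("local CSPRNG seed well formed:", is_well_formed(strong))
```

A predictable seed passes the same format check as a strong one, so the only safeguard is controlling where the randomness comes from.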
The Paypers is the Netherlands-based leading independent source of news and intelligence for professionals in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.