IOTA Trinity wallet hack - status update

A short update about the current situation.As a reminder, ALL TRINITY USERS WHO OPENED TRINITY BETWEEN 17 DECEMBER 2019 AND 18 FEBRUARY 2020 WILL NEED TO USE THE SEED MIGRATION TOOL IN ORDER TO PROTECT THEIR TOKENS. We are still working on building and testing the seed migration tool. We will inform you here as soon as it is ready.Last night we released an updated mobile wallet for both iOS and Android. Please visit the App Store or Play Store respectively to download it or update your current version. While, as of now, we have no indication that mobile users were affected by the attack, out of an abundance of caution, WE STRONGLY RECOMMEND THAT EVEN MOBILE WALLET USERS CHANGE THEIR PASSWORD AND USE THE SEED MIGRATION TOOL AS SOON AS IT’S AVAILABLE.Trinity users who have already updated their wallets will have noticed the removal of MoonPay services from the updated versions of the wallet. This was necessary because the security vulnerability was introduced into the Trinity wallet via the MoonPay integration. We are working on an incident report in which we will publicly disclose the details of the vulnerability, how it was introduced, how it was exploited, and the steps we are taking to improve our security practices as a whole.We have received requests from several users to provide information as to whether any Trinity users’ credit card information might have been compromised in connection with this security incident. Moonpay provides payment processing as a function of its own platform, which is independent of Trinity. For now, we can only share with the community the below statement from Moonpay on this matter. Please note that the IOTA Foundation is not in a position to independently verify the accuracy of the statement, due to the fact that the evidence to support it is not in our possession.MoonPay Statement to Customers on Credit Card Information “MoonPay, as a partner of Trinity Wallet, has been working with the IOTA Foundation and third-party experts to assist with the ongoing investigation. At this time, as the payment processor of the Trinity Wallet, we want to inform users who have input their credit card details into the Trinity Wallet that, to the best of our knowledge, their credit card information is unlikely to have been compromised by this security incident. Credit card details are encrypted and processed in compliance with the Payment Card Industry Data Security Standard. However, until the investigation has been completed, we would like to ask users who purchased Miota using the Trinity Wallet to monitor their statements and report any suspicious activity they observe to their banks immediately.”We are constantly in contact with law enforcement in several countries and are working closely with them to ensure fast and thorough investigations. If you’re an affected user, we would greatly appreciate it if you could please file a report with your local police, as this will help us with the criminal investigations. In most countries you can quickly file a report online. We recommend that you include in your report the following German case file number so that the authorities in your country can quickly get in touch with the other authorities already working on the investigation elsewhere:Germany, Center for Cybercrime, Case Number: 200213-1717-i00290We are still refining the remediation plan in light of continuously updated information and will provide further details as soon as we can.Thank you all for your patience. We will continue to update you on all important developments as we are able.Latest update on the situation can be found at https://ift.tt/2OPbK8E.

Submitted February 19, 2020 at 08:28PM

No comments:

Post a Comment