IOTA funds were stolen (3.49Ti ~500k$) on 12th March 2020 after network relaunch [longread]

Hey CC community!

First of all, sorry for posting it a bit late. I have some serious changes in my lifestyle and business due to the Coronavirus situation in the world. For those who are infected I wish to get well soon and all the rest to stay safe and to stay home.

Here is my short story:

On March 12th I made a similar but short post regarding my stolen IOTA in the sub r/IOTA. First of all I met around 50% downvotes. I don’t know why, but it seems that IOTA’s community doesn’t want to see posts regarding stolen IOTA. I got a lot of criticism for using Trinity wallet instead of hardware and so on. But I see nothing strange in using a desktop wallet, and it doesn’t matter whether it is IOTA Trinity or Bitcoin QT or Ethereum wallet unless it has strong manually typed password, VPN connection and some other security things. Or maybe IOTA’s community was afraid of unwanted bad attention during that market crash that day. So because of that experience I decided to make a post here at r/CC.

Some short reminder of what happened before my funds got stolen (https://ift.tt/2Jau88P), news: https://ift.tt/2UwiIlh

If you don’t want to read that news, here are some facts with timestamps:

February 12th 2020 - 18:55
As a precaution we ask you to keep your Trinity wallet closed for now.

February 12th 2020 - 19:20
After initial investigation we decided to turn off the Coordinator to make sure no further theft can occur until we find out the root cause of these thefts. (Let’s say: “blockchain stopped”)

February 14th 2020 - 17:50
We have found the exploit.

February 15th 2020 - 00:50
After successfully identifying the attack on Trinity through a third-party integration

February 17th 2020 - 02:23
We have just released a safe version of Trinity Desktop to allow users to check their balance and transactions. This version (1.4.1) removes the vulnerability announced on 12th February 2020.
(I’ve installed this particular version)

February 21st 2020 - 18:43
ACTION MAY BE REQUIRED TO PROTECT YOUR TOKENS IN TRINITY.

February 24th
I left my country for some working trip

February 26th 2020 - 13:10
We are currently in the testing phase of the migration tools, once testing completes the tools will be audited by a external party. If this all goes well we are aiming to release these tools later this week.

February 29th 2020 - 19:15
The Seed Migration Tool is now available.

March 6th 2020 - 15:17
REMINDER: You have until 5PM (UTC), Saturday, 7th March to migrate your seed.

I’m still out of the country but I’m pretty sure I’m safe coz I’ve installed 1.4.1 wallet which removes the vulnerability.

March 8th 2020 - 18:15
The migration period has ended.

I got back to my country

March 10th 2020 - 16:45
We are aiming to resume value transactions around 5PM CET today.

March 10th 2020 - 18:15
The network coordinator has resumed operation. (Let’s say “blockchain restarted”)

Now my turn:

My balance by that time (https://ift.tt/39jodsB)

March 10th
I’ve decided to send my IOTA to exchange until I buy Hardware wallet and sort out how it works.
Test transaction to exchange 5Gi:
JQ9DZPGUFLBJTLDLIKQBWLUBOXJULKIQFSWKNYVFIHETSZJOTGRYEZZELE9BZFVUEBGATEITPDTXXHZVD
It took exchange 24 hours to credit it to my balance…

March 11th
First large transaction to the exchange (~23% of my net holdings of IOTA) 1Ti
9YGGTHDKARCBVEPWUYURYEAKSKUNITGCGKSCJRXBVKHLBHEXXTNAWOFNPOBGHG9IKCZRABFNBJHVWNZIZ
All over again… 24h to credit it to my balance.

March 12th
I’ve opened my Trinity wallet and found out that money was stolen 3.4Ti
POUBLIDSDZSNLKYBHVDAAEGVKGZ9PGKCBKRGUKEKIUQGSEWZNBQCHLLKIAZKEYHJVGJD9GYHT9JJNY9VW
screenshot of transaction with stolen IOTA (https://ift.tt/3bq45Xx)
performed transactions (https://ift.tt/2WEw41f)

That day I’ve made first post on reddit to get some attention to the happened situation.
At the same time I’ve started to search for some technical support through official telegram groups:

iotatangle (https://imgur.com/McmrF3L)

I’ve sent a message where I’ve stated that my funds were stolen after network relaunch. Got some response from user Basti, he invited me to another group with general discussion.

screen shot 1 (https://ift.tt/2WCxPvU)
screen shot 2 (https://ift.tt/3arsvzu)

Short dialogue continued at the general discussion group iotacafe (https://ift.tt/3dpjcC5), where Basti introduced me to the IOTA Foundation member Antonio Nardella (https://ift.tt/3bpZy7w)

Before I started my conversation with Antonio I decided to get some information about him. I’ve found a Medium post with some welcoming words to Antonio Nardella.

(https://ift.tt/2vK2HQa) telegram
(https://ift.tt/2QGIguN) medium

Seems legit.

Of course I couldn't be 100% sure it was him but the information he asked for wasn’t really sensitive so decided to share all I knew and all I did. (https://ift.tt/3ahdhNz)

He also mentioned a wallet integrated service MoonPay, whether I used the wallet with this service or not, and it didn’t matter if I used the service itself.

I’ve informed him that I used 1.4.1 wallet which was recommended to install on February 17th 2020 (https://ift.tt/2WDy7mh)

After he gathered all the necessary information regarding loss of funds he took the time for sending this information for investigation team.

After a long awaited answer I got the same day this:

“Hello, I was informed that the loss of tokens is associated to the person/team responsible for the Trinity wallet attack via a third-party dependency from Moonpay.
As suggested on https://ift.tt/2OPbK8E, please file a report with the local police and to cite the following case number when doing so: LKA Berlin, Center for Cybercrime, case number: 200213-1717-i00290.”
(https://ift.tt/3djendA)

Reinstalling the wallet didn't help me to avoid the loss of funds.

Well if my funds are proved to be stolen then it means - yes, I’ve used the Trinity wallet between the December 17th 2019 and the February 17th 2020. And yes, I wasn’t able to make seed transition during the given period. I was out of the country starting from Feb 24th till March 8th. I can even prove it with my border passing stamps… You know I didn’t use to take 4.5Ti with me just in case I would need an urgent seed transition. Could you imagine thousands of people with their multimillion Bitcoin holdings carrying private keys everyday with them just in case they would need seed transition… The funds were stolen not by my mistake but IOTA developers/foundation/etc (let’s say IOTA team) mistake.

At the end of my story I want to take your attention to the fact that I didn’t compromise my PC neither wallet nor password nor seed. All my fault was for using the desktop wallet… How can you imagine your user without using your software/services/etc… I want to publicly call IOTA team (especially Mr. David Sonstebo) to cover not only those which were to happen back in the Feb 2020 but all the losses which were caused by that wallet vulnerability. (https://ift.tt/2vKONxb)

Thanks for reading and thanks for your time!

Submitted March 24, 2020 at 02:45PM
