IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, has shut down its entire network this week after hackers exploited a vulnerability in the official IOTA wallet app to steal user funds.
The attack happened this week, Wednesday, on February 12, 2020, according to a message the foundation posted on its official Twitter account.
According to a status page detailing the incident, within 25 minutes of receiving reports that hackers were stealing funds from user wallets, the IOTA Foundation shut down “Coordinator,” a node in the IOTA network that puts the final seal of approval on any IOTA currency transactions.
The never-before-seen move was meant to prevent hackers from executing new thefts, but also had the side-effect of effectively shut down the entire IOTA cryptocurrency.
The Coordinator node, along with the IOTA network, are still down and frozen at the time of this article, while IOTA members are investigating the hack.
Hackers used Trinity wallet exploit
IOTA members said hackers used an exploit in “a third-party integration” of Trinity, a mobile and desktop wallet app developed by the IOTA Foundation.
Based on current evidence, confirmed by the IOTA team, it is believed that hackers targeted at least 10 high-value IOTA accounts and used the Trinity exploit to steal funds.
While the IOTA team has not confirmed the value of the stolen funds, open-source reportings has the total at around $1.6 million worth of IOTA coins.
IOTA Foundation members said law enforcement officials have been notified and are involved in tracking down the attackers.
The foundation is also working on an update for the Trinity wallet apps to patch the vulnerability exploited in the hack. In the meantime, IOTA members recommend that users don’t open their wallets until the update is released and installed on their devices.
IOTA is currently ranked #23 on the CoinMarketCap based on the currency’s market cap size. The IOTA price fell from $0.35 per IOTA coin on Wednesday to $0.29 today.