Hackers reportedly used seeds collected through iotaseed.io to move funds into their own wallets.
Malicious online seed generators are responsible for the theft of $4 million worth of IOTA tokens, according to a report by online news source CCN.
To create a new IOTA wallet, a user must provide a string of 81 characters, known as a seed, that can be used to access the wallet. Although there are several methods of generating such a string using offline resources, the process can be a bit complicated. Therefore, some IOTA holders turn to online seed generators: websites that generate strings of characters for use as IOTA wallet seeds.
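An offline way to produce such a seed, shown as an added example that is not part of the original article: it draws bytes from the operating system's random source on the local machine and discards values that would bias the result. The 81-character length comes from the article; the alphabet (A-Z plus 9) is background knowledge about IOTA seeds, and the function names are hypothetical.

```python
import secrets

# IOTA seeds use the 27-symbol tryte alphabet: A-Z plus the digit 9
# (background fact, not stated in the article).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ9"
SEED_LEN = 81  # length given in the article

# 256 is not a multiple of 27, so "byte % 27" alone would favour the first
# 13 symbols. Accept only bytes below 243 (9 * 27) and discard the rest.
LIMIT = 256 - (256 % len(ALPHABET))


def seed_from_bytes(stream):
    """Map random bytes to seed characters using rejection sampling."""
    out = []
    for b in stream:
        if b >= LIMIT:
            continue  # rejected: would make some symbols more likely
        out.append(ALPHABET[b % len(ALPHABET)])
        if len(out) == SEED_LEN:
            return "".join(out)
    raise ValueError("not enough random bytes for a full seed")


def generate_seed():
    """Generate a seed locally from the OS CSPRNG; nothing leaves the machine."""
    while True:
        try:
            # Twice the needed bytes almost always survives the rejections.
            return seed_from_bytes(secrets.token_bytes(2 * SEED_LEN))
        except ValueError:
            continue  # extremely unlikely; draw a fresh batch


def is_valid_seed(seed):
    """Check the format only: 81 characters, all from the tryte alphabet."""
    return len(seed) == SEED_LEN and all(c in ALPHABET for c in seed)


if __name__ == "__main__":
    print(generate_seed())
```

A format check such as `is_valid_seed` says nothing about how a seed was produced or who else has seen it, which is why the generation step itself has to run locally.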
The site responsible for generating the malicious seeds, iotaseed.io, has ceased operations. The site now displays the simple message: “Taken down. Apologies.” The fact that the site was shut down with “apologies” may indicate that it had been temporarily compromised by hackers, and that the original operators discontinued it once they regained control.
Ralf Rottman, founder of Grand Centrix, originally described the attack in a Medium post on January 20, saying that attackers who appeared to have been collecting “piles of seeds” for some time began moving funds from the affected users’ wallets into their own wallets en masse on January 19.
A Simultaneous DDoS Attack Prevented Affected Users from Recovering Funds
At the same time, wrote Rottman, attackers launched a DDoS (distributed denial-of-service) attack against some of the IOTA network’s known full nodes, which thwarted users’ efforts to recover their funds. Rottman added that the fact that community-run nodes were the ones affected was significant; none of his company’s privately run nodes (located at iota.fm) were compromised.