The IOTA technology is secure. The attacker did not leverage any vulnerability.
The entire Tangle was brought to a screeching halt because one guy DDoS'd all the nodes, then ran his own node and stole 1.7 trillion IOTA from a bunch of accounts by brute forcing seeds.
The root cause that made this possible was users relying on ONLINE GENERATORS to create their seeds. If you take only one thing away from this: Never, ever use online tools to generate your seeds.
IOTA is, at its core, a truly decentralized, distributed ledger technology. The ledger is not controlled or owned by the IOTA Foundation. The victims literally shared the keys to their wallets with the attackers by using the attackers' website. In essence, from a purely technical and security perspective, all transfers that happened under this attack are legitimate transactions.
The attackers knew the seeds. You invited them into your wallet, by handing them your keys on a silver platter.
The community of full node operators is discussing various strategies to better protect public community nodes from this specific and similar DDoS attacks in the future.
IOTA is not a consumer-level mainstream user technology, yet.
DO NOT USE ONLINE SEED GENERATORS
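Generating the seed on your own machine instead of on a website, as an added example that is not part of the original post or of any IOTA project code. It assumes the legacy seed format of 81 characters drawn from A-Z and 9, which the post does not spell out; the function names are hypothetical.

```python
import secrets

# Assumption (not stated in the post): a legacy IOTA seed is 81 trytes,
# each drawn from the 27-character alphabet A-Z plus 9.
TRYTE_ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SEED_LENGTH = 81


def generate_seed(rand_bytes=secrets.token_bytes):
    """Build a seed locally from OS entropy using rejection sampling.

    Taking `byte % 27` over all 256 byte values would favour the first
    13 symbols (256 is not a multiple of 27), so bytes >= 243 (9 * 27)
    are discarded instead of being folded into the alphabet.
    """
    limit = 256 - (256 % len(TRYTE_ALPHABET))  # 243
    out = []
    while len(out) < SEED_LENGTH:
        for b in rand_bytes(SEED_LENGTH):
            if b < limit and len(out) < SEED_LENGTH:
                out.append(TRYTE_ALPHABET[b % len(TRYTE_ALPHABET)])
    return "".join(out)


def check_seed(seed):
    """Return a list of format problems; an empty list means well-formed.

    A format check cannot tell whether anyone else has seen the seed.
    It only catches truncation or characters outside the alphabet.
    """
    problems = []
    if len(seed) != SEED_LENGTH:
        problems.append(f"length {len(seed)}, expected {SEED_LENGTH}")
    bad = sorted(set(seed) - set(TRYTE_ALPHABET))
    if bad:
        problems.append(f"invalid characters: {''.join(bad)}")
    return problems


if __name__ == "__main__":
    # Run this on a machine you control; the seed never leaves the process.
    seed = generate_seed()
    assert check_seed(seed) == []
    print(seed)
```

The seed is only as private as the machine and terminal it is printed on, so run it offline and do not paste the result into any web page.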
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://medium.com/@ralf/what-happened-last-night-on-iota-b6157ade1e03