IOTA an open-source distributed ledger for IoT endured a phishing scam that costs the users about $4 million. The hacker Norgertvdberg has been in this scheme for the past six months. However, the wallet bug, bad technological design among other factors indicate a scamming process all along.
IOTA’s security compromised through a phishing attack
IOTA, a cryptocurrency for the Internet of Things suffered a hack attack of about $4 million. A clever hacker, identified as Norbertvdberg, created an elaborate phishing plan to carry out this hack. Since August 2017, the hacker has been collecting private keys for IOTA wallets. On January 19, the hacker finally decided to capitalize on his six months long scheme.
Last Friday, there have been raving speculations on Reddit by the IOTA users that their funds were missing from their wallets. There has been basically malicious websites in use to generate the password details for IOTA, a fintech network.
The private keys also called seeds have been used to authenticate the identity of a wallet’s owner. These keys are random strings of alphanumeric characters that need to be 81 characters long. Due to keys being so lengthy, IOTA investors more often than not made use of online tools in order to generate the key. The hacker took advantage of this situation and created a domain iotaseed.io that he advertised as a seed generator.
The hacker claimed the service to be secure but it actually operated in a very different way. Iotaseed.io basically used a primary fixed number that had predictable variable changes instead of creating a random key for the user. This means the hacker is able to predict and log in and further break into the accounts.
Though the number of victims hacked are unknown, the site itself has a large user base. The hacker advertised the website in such a good fashion that it resulted in top result searches for “IOTA seed generator” queries on Google.
Norbertvdberg extracted the investors’ wallets quite easily and you can’t help but to a part blame it on the DDoS attack that was carried out against the IOTA network. This attack happened at the same time when IOTA developers were kept from investigating the unauthorized transactions.
The hacker, who once was an active user on Quora, Reddit and GitHub, has completely disappeared from the internet. Moreover, its website no longer offers the private key generator service rather shows a “Taken down. Apologies.” text merely.
Attack raises concerns over security gaps in top cryptocurrencies
IOTA which has been considered a very secure project suddenly lost not just millions of money but has also earned a question mark on how legitimate or secure it has been from the start. The project was analysed by MIT that found several vulnerabilities to it but IOTA only claimed MIT to be academics in its deflection.
The technical design seems was never good enough and people were skeptical about it. Also, another significant issue was the bug in IOTA’s wallet that took a series of tries by the user to complete a transaction. It had been said that it was intentional on the IOTA’s part.
Since the scam is carried out, there hasn’t been much change in the value of IOTA that is about $2.55 with a market capitalization of $7 billion.
Another scam in the cryptocurrency market, how do you think it will affect the cryptocurrencies? Let us know your thoughts in our comment section below!
The presented content may include personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for you personal financial loss.
Follow us at
I am an associate content producer for the news section of Coingape. I have previously worked as a freelancer for numerous sites and have covered a dynamic range of topics from sports, finance to economics and politics.