IOTA Community faced with hacker attack. Around $ 4 000 000 was stolen with the help of malicious websites providing users with a new wallet seed. This is reported by CCN.
In the end, at least $3.94m worth of IOTA was stolen. This was facilitated by a DDoS attack against all public nodes.
— Nic Carter (@nic__carter) 21 января 2018 г.
When creating an IOTA wallet, users need to create a seed-key, consisting of 81 characters. Many users preferred to use online generators for such keys - websites that create passwords.
One of the sites passed information to scammers. Those used seed-keys and emptied the wallets of users.
The attackers knew the seeds. You invited them into your wallet, by handing them your keys on a silver platter. The community of fullnode operators is discussing various strategies to better protect public community nodes from this specific and similar DDoS attacks in the future.
OTA Evangelist Network [IEN] member
The IOTA community encourages users to change elements of the seed in order to prevent any vulnerabilities. They have also been repeatedly pointing to the fact that the vulnerability has nothing to do with IOTA’s technology, and rather just seed generating services.