Hackers have stolen $4 million of IOTA tokens through online seed generators, CCN reported.
According to a blog post from IOTA Evangelist Network member Ralf Rottmann, the attackers deployed a DDoS attack against popular IOTA fullnodes, leaving victims of the robbery unable to rescue any of their funds.
The site responsible for the generation of malicious seeds, iotaseed.io, has ceased operations. Now, the site displays the simple message:
“Taken down. Apologies.”
While the attack is known, and victims have legitimate losses, given the decentralized nature of a distributed ledger, these transactions cannot be reversed.
Ralf Rottmann was quick to point out that the attack does not reflect on IOTA’s security:
“The attackers knew the seeds. You invited them into your wallet, by handing them your keys on a silver platter. The community of fullnode operators is discussing various strategies to better protect public community nodes from this specific and similar DDoS attacks in the future,” Rottmann wrote.
Online seed generators for IOTA are websites that provide users with a quick solution to generate a new seed for their IOTA wallet. When creating a new IOTA wallet, users are tasked with creating an 81-character seed rather than generation being baked-in.