75 comments

[ 3.0 ms ] story [ 55.4 ms ] thread
Relevant tweet, with the unbelivable bad (but effective!) code: https://twitter.com/eukaryote314/status/953839632206020608
"It is a SCAM and will steal your seed!"

I'm getting General Ripper vibes over here...

Actually this is .co and the posted talks about the .io, so different mechanism. The .co is more blatant.
That code is awesome. If it looks stupid, but it works, it's not stupid.
But they got caught.
Plenty of people on HN would love to get caught $4 million later.
i dont like the idea of having to look over my shoulder for the rest of my life. Is that worth $4 million to you?
No, plus it is not trivial to turn iota into cash.
About as KISS as it could be, they just didn't hide it.
Could someone please post the code in the tweet? Twitter's not letting me see it.
How were multiple people able to use the same wallet? I thought IOTA didn't support address reuse. And how come people didn't notice it already had a balance?
I think previous versions of the wallet allowed address reuse (even though it is not recommended as you leak parts of your private key).

The latest wallet doesn't allow you to send money to such an address.

I think it's a shame how IOTA users desperately seeking ways to safely generate their wallet seeds on third party software. Souldn't it be a built-in feature?
It is gross incompetence that it was not a built-in feature.
IOTA is the coin that invented their own cryptography using ternary logic. Practicality doesn't seem to be a core value.
do anyone prosecute this kind of hacks? or just because is a token without legal status is like stealing Sheldon's gear in WOW.

This kind of pre-generated seed hack is quite dangerous, a lot of mobile apps, don't have deterministic build so you can't be sure the open source version is the same as the one from apple store, and I bet Apple won't do such a thoroughly search.

considering how rabidly most cryptocurrency supporters denounce the government and the banking system and wall street and evil regulations, you would think they would be livid at the idea of a government(!) prosecuting people for anything related to cryptocurrency.
A statist is just a libertarian who had his crypto stolen :)
I'm a cryptocurrency supporter but I'm not anti tax or anti government. I genuinely think that decentralized trust based systems such as blockchain have a place in our world even alongside government.

With that said, I would like to believe that if caught, these types of seed hacks could be prosecuted. (If viable)

> I'm a cryptocurrency supporter but I'm not anti tax or anti government.

The GNU Taler project might be interesting to you, then.

It is based on design decisions that are refreshingly different from classic crypto currencies (who implement more an anarcho-capitalism mindset). Because of those design differences, I'm not sure if it should be considered a crypto currency or not. (They themselves do not.)

Website: https://gnutaler.org/

Presentation at SHA2017: https://taler.net/videos/sha2017taler.webm

Paging dang, can you fix this?
So as a non-cryptocurrency suppporter, what's the point then? Making things distributed necessarily makes it slower and harder/more expensive to regulate (let alone operate). Not to mention the high volatility which is the primary thing that gives a currency any value (hence, why the US Dollar is considered the reserve currency of the world: its stability). At some point, a duck is a duck. This duck is a fun experiment and someone discovered how to combine proof of work (old concept) with quorums (old concept) and a distributed ledger (old concept) that altogether gave the illusion of something unique and usable. I'm seeing worse usability on all fronts, no endgame in sight (except to move to a new currency when transaction fees get high), little to no regulation, and a worser world in general. It's also ecologically irresponsible (centralized currencies will _always_ be more efficient by definition).

I don't care that I can make a quick buck by preying on people's FOMO, the whole movement is fueled by seemingly emotional, albeit baseless, arguments and bravado.

Yeah but then they should be livid at the idea of the government prosecuting people period.
It's perfectly consistent if they're minarchists rather than anarchists. Or Occupy Wall Street types, for that matter.
> do anyone prosecute this kind of hacks?

Like who, the crypto police? Pretty neat how crypto tosses away the tools of the state but then wants them back, but of course only when convenient.

We don’t need your stupid fiat currency! ... oh but can we borrow your justice system for our own ends? ... The one we don’t want to help pay for?

Maybe if the whole thing is dropped neatly with a bow on someone's desk at a cybercrime unit of the central police in the country where the perpetrator lives. But probably not.

It's not so much because authorities don't consider it a crime, like stealing WoW gear, but because of the difficulties in investigating and prosecuting the case vs the total losses.

"do anyone prosecute this kind of hacks? or just because is a token without legal status is like stealing Sheldon's gear in WOW."

Actually, I do lean towards the notion that stealing/embezzling/defrauding iotas/bitcoins/cuervocoins is legally equivalent to looting gold in WoW.

I see nothing in this news/thread today about "Iota" (which I have never heard of until today) that makes me consider it serious, legal business.

It approaches the seriousness of WoW from below.

I have a feeling that MyEtherWallet could pull off the same thing. https://www.myetherwallet.com/
Get a hardware wallet then -- the Ledger Nano S is great.
There might (in theory) be some kind of backdoor on the device, that could allow the chrome app to send the private key or seed somewhere...
I think the idea is that the seed and associated private keys are stored securely on a secure element, and they cannot be transferred to your computer. Only a signed message that allows broadcasting of a signed message can. But I could be mistaken?
Is this just a technical possibility or is there evidence that this could be the case?
No evidence afaik. Plenty of scenarios involving unknowingly buying a "pre owned" wallet, hacked firmware updates etc ...
You don't even need that, there's been a bunch of fraud in hardware wallets from people simply pre-setting the seed and shipping them with a "this is your seed, don't forget it" slip. Not everyone will use that seed, but some do, and then they lose their money.

Basically, unless you're 100% vigilant literally all of the time, you're in trouble. This is just one reason why we invented banks, to centralize risk and mitigation.

The chrome app doesn't know the private key and the nano itself only runs signed code unless you imply that the Ledger Company itself planted the backdoor.
One of the differences is that my ether wallet actively discourages you from running the code off of their website. They insist that you clone it off of GitHub for security purposes. In addition myetherwallet has undergone several security audits.
Using the official IOTA JavaScript library, the address that should correspond to this seed is PUEBLAHRQGOTIAMJHCCXXGQPXDQJS9BDFSCDSMINAYJNSILCCISDVY99GMKAEIAICYQUXMIYTNQCJYVDX, and according to this website, that’s an empty wallet. However, other sites designed to show information about the transaction history of an address just give a 404 error (see here for an example), indicating that either I made an error decoding this address or I’m misunderstanding something about how the IOTA network works.

This for me points out the issue with cryptocurrency in general. Even someone with technical prowess can't figure out how exactly things are supposed to work.

>> someone with technical prowess

The author is a high school student who has written very basic HTML/CSS and some C projects, including one as a joke. This is not to say all HS students can't figure out how to use Bitcoin, but you might be overselling the experience/aptitude of the author in order to make a biased point against cryptocurrency.

Calling their point "biased" pulls the discussion into emotional territory instead of being constructive. They might simply have assumed technical prowess.
to make a biased point against cryptocurrency

They do seem to have at least some degree of technical proficiency, and their error isn't exactly obvious to me either. (I make no claims about my aptitude, only that I'm old.)

Aha, I don't care if the author is 13 or 70. The article clearly demonstrates they are much, much more technical than the average user. Crypto UX is clearly an issue. (And I'm a massive crypto fan!)
Are you going to reject cars as well, on the basis that a trained mechanic can't necessarily determine how a nonstandard and baroquely designed car has broken?
(comment deleted)
I bought some IOTA a while ago and after doing a Google search on how to generate a wallet seed, it sent me to iotaseed.io. Thankfully though I didn't feel comfortable about a third party website potentially knowing my seed (which cannot be changed later) so I searched for alternatives and found a simple Linux command to do it. That probably saved me some money.

It's still surprising that it was a fraud, it looked like a legit website. It seems almost too blatant a crime given that the Github repo, IPs and the domain name of the site can probably be traced to someone.

What was the command? Did you have to run IOTA software from github to run it or did the command only use things like openssl etc...?
I can't remember the command. I think it was a native Linux command - Not related to IOTA.
The article linked to a fork of the deleted github repo: https://github.com/eggdroid/eggseed3/blob/8b92ec0f8b251c9fe9...

But that piece of code should've triggered red flags even if the hacker didn't add a payload to overwrite Math.seedrandom to always use the same seed. The fact that https://github.com/davidbau/seedrandom isn't cryptographically secure should've been enough to turn you away and warn other. And if you read it a bit more you'll notice that it is mostly junk code (unused variables like visitedHash, newindex).

Props to the hacker for the method acting. From the commit log https://github.com/eggdroid/eggseed3/commits/master I would not have suspect any malicious intent and just attribute it to incompetence (which might've worked better underhanded-c-contest style instead of using an explicit backdoor).

> a Service Worker is started to generate the QR code

It's a Web Worker not a Service Worker. Just to be stubborn

IOTA has been notoriously famous for rolling their own flawed hash function which allowed researches to develop a working PoC for hash collision attacks.

https://medium.com/@neha/cryptographic-vulnerabilities-in-io...

The CEO of IOTA David Sonstebo tells his users it's not his problem if they lose money using IOTA because they're too dumb to understand the design flaws: https://np.reddit.com/r/CryptoCurrency/comments/7gwl38/hello...

Yikes.

IOTA also relies on a centralized sever owned and operated by David Sonstebo which takes periodic snapshots so transactions can be rolled back if the IOTA devs ever feel the want to. https://domschiener.gitbooks.io/iota-guide/content/chapter1/...

Further reading:

Nick Johnson: Why I Find IOTA Deeply Alarming https://hackernoon.com/why-i-find-iota-deeply-alarming-934f1...

Daniel Rice: Why I Also Find IOTA Deeply Alarming https://medium.com/@thedrbits/why-i-also-find-iota-deeply-al...

Eric Wall: IOTA Is Centralized https://medium.com/@ercwl/iota-is-centralized-6289246e7b4d

Sidenote the founding developer of IOTA, Sergey Ivancheglo claims to have built a time machine http://come-from-beyond.com/about-me/

How is this relevant in _any_ way to the discussion? It's obvious what your agenda is but not apparent why your post is at the top.

Your sidenote linking to http://come-from-beyond.com/about-me/ and claiming that it's not a satirical website is comical.

If you read the article you would see it's about IOTA.

More importantly, IOTA never implemented seed generation into their native client software. With this being THE central function to their entire platform, one has to question the priorities and motives of the team behind this project.

When coupled with the comments by the CEO, one has to ask if the negligence is so absurdly severe it's malicious?

I read the article. It's a technical overview of a website designed to scam users. It doesn't reflect in any way that IOTA as a tech is insecure. Your claims are not related in any way to the contents of the article, are overreaching and biased. The allegations you've mentioned have been debunked [1]. Seed is basically a password so it's understandable it's not generated by the client software but many tutorials exist on how to create a secure one [2][3].

[1] https://blog.iota.org/official-iota-foundation-response-to-t...

[2] https://iotasupport.com/gui-newseed.shtml

[3] https://iota.guide/seed/how-to-generate-iota-wallet-seed/

IOTA designers decided to leave out the seed generation function of their software, which predictably let 3rd parties like the one in the article create a malicious seed to exploit the platform.

Every other cryptocurrency software can facilitate wallet generation seeds natively, why does IOTA refuse to implement it?

I'm simply providing historical facts. Your bias as an invested speculator is clear. https://news.ycombinator.com/item?id=15634175

The response to the IOTA hash flaw has a followup from MIT as well:

https://www.media.mit.edu/posts/iota-response/

  On Friday, MIT Technology Review published an article on 
  the cryptocurrency IOTA. The headline stated that the 
  currency “could outperform Bitcoin.” However, we here at 
  the MIT Media Lab have issues with the story. 
  Specifically, my colleagues in the Digital Currency 
  Initiative (DCI) recently uncovered a gaping hole in 
  IOTA’s software. And while that flaw has now been patched, 
  we certainly disagree with reporter Michael Orcutt’s 
  assertion that IOTA is “secure.” As the Director of the 
  MIT Media Lab, I felt it important we outline our specific 
  concerns. 


  — Joi*

Quote One:

  “The rally began in late November, after the IOTA 
  Foundation, the German nonprofit behind the novel 
  cryptocurrency, announced that it was teaming up with 
  several major technology firms to develop a ‘decentralized 
  data marketplace.’” The article goes on to say: “And the 
  high-profile names participating in its data market pilot—
  including Microsoft, Deutsche Telekom, and Fujitsu—suggest 
  IOTA is onto something.”

Response One:

  IOTA’s relationships with top-tier companies continue to 
  be nebulous.


  In the Technology Review article, Orcutt linked to a 
  November 28, 2017 blog post from IOTA that gave the 
  perception that Microsoft was a partner in the 
  marketplace. However, after a flurry of media reports 
  making this claim, IOTA corrected their relationship 
  status with top-tier companies like Microsoft, Cisco, and 
  Huawei in a blog post dated December 16. That the MIT Tech 
  Review story links to IOTA’s initial blog post instead of 
  the later version is misleading.

Quote Two:

  Though IOTA tokens can be used like any other 
  cryptocurrency, the protocol was designed specifically for 
  use on connected devices, says cofounder David Sønstebø. 
  Organizations collect huge amounts of data from these 
  gadgets, from weather tracking systems to sensors that 
  monitor the performance of industrial machinery (a.k.a. 
  the Internet of things). But nearly all of that 
  information is wasted, sitting in siloed databases and not 
  making money for its owners, says Sønstebø.


  IOTA’s system can address this in two ways, he says. 
  First, it can assure the integrity of this data by 
  securing it in a tamper-proof decentralized ledger.


Response Two:

  Whether or not IOTA’s ledger is “tamper-proof,” the entire 
  IOTA network went down in November, and was completely 
  inoperable for about three days. That this has never 
  happened in Bitcoin or Ethereum suggests the extent to 
  which the IOTA network relies on the “coordinator”—a 
  single point of failure—and is not truly decentralized.


  Also troubling, IOTA developers were able to transfer 
  funds out of users’ IOTA accounts. The user was then 
  required to participate in a “reclaim” process to request 
  their funds. We believe IOTA’s developers should not have 
  access to such funds; it’s rife with risk.

Quote Three:

  Second, it enables fee-less transactions between the 
  owners of the data and anyone who wants t...
Copying and pasting whole articles doesn't make your point any more valuable. It's not a historical fact that what you pasted in is a response to the article I linked to because the two happened in a reverse chronological order. You'd know that if you read it since it clearly refers to those specific claims.
Ok that's a fair point.
(comment deleted)
Why in the world would they design a custom hash function?! How amateurish. As Bruce Scneier said:

> In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake. It says that no one of any calibre analyzed their system, and that the odds that their fix makes the system secure is low — Bruce Schneier (about IOTA)

OK, it looks like the answer is they designed a custom hash function because their system is built with ternary logic (?!?):

https://hackernoon.com/why-i-find-iota-deeply-alarming-934f1...

... because "Ternary is the optimal radix" according to their cofounder:

> Ternary is the optimal radix, actually Base E (2.71....) is, but you can't make processors like that. So it comes down to Base Binary (2) vs Base Ternary (3). 3 is closer to the universal optimum 2.71 than is 2. That is the absolute most simple elevator pitch for ternary.

https://iota.stackexchange.com/questions/8/why-does-iota-use...

Reading about the design of this system, I feel like I just entered the twilight zone, or maybe the website for Time Cube. Urbit makes more sense than this. (The design of Urbit makes fine sense, it's just the implementation is extremely obscure.)

Plus, if e is in fact the optimal radix, then there's no way to say that 3 is "more optimal" than 2. That's making all kinds of assumptions about the optimality curve. Assuming such a curve even exists...
This subthread is really why I tend to ignore most crypto debate nowadays. Your points might all be valid, but even if they are/were, this entire subthread would be beside the point here IMHO.
> if you can't even be bothered to read 2 minutes about it and make such a mistake, that is entirely on you.

..

> It's covered in GUI FAQ, take time to read.

- /u/DavidSonstebo (CEO of IOTA)

Wow.

Anyone who has ever built software knows that users rarely read FAQs (maybe 1-5%). Anyone who's ever made ANY product/service/contract knows most users don't read the fine print.

I'm not sure if he's one of those hardcore backend guys who are oblivious to how humans use software, or maybe a bit autistic in his expectations of other people's capabilities/worldview, or is highly arrogant (rolling your own crypto fits this category well), or simply doesn't care because "everyone else is just not as smart as me". But regardless of the whys, that's simply no excuse in 2018 for pushing out very serious software, with real users, and significant time/money being potentially lost due to a complete disregard for real-life UX/UI.

> IOTA was made for machines, not humans.

This is no excuse either, it's a predictable expectation that new users will come in with their own preconceived understanding of how cryptocurrencies work - informed by how nearly every other currency works. So if your currency functions significantly different it's on the creator to communicate those differences clearly to the users.

"Anyone who has ever built software knows that users rarely read FAQs (maybe 1-5%). Anyone who's ever made ANY product/service/contract knows most users don't read the fine print."

Expecting tools to work without reading the manual reminds me of

"Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?" In one case a member of the Upper, and in the other a member of the Lower, House put this question. I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."

If the user WON'T read the FAQ, then the FAQ shouldn't exist. So how to educate an illiterate user?

am I the only one who thinks this is neither a new kind of scam, nor in any other way surprising, and that the whole discussion here is hardly about the article but mostly people voicing their general opinions for/against iota?
Thanks for this post and clear explanation
I wish the post started with a paragraph about why someone would use this website. 1-2 sentences is all that's needed.

I assume the seed is used to generate a public key for some kind of wallet? Is IOTA some kind of cryptocurrency?

https://www.androidauthority.com/what-is-iota-824641/

The project doesn't currently come with it's own seed generator so users are left using (sometimes) shady third-party services, such as this website.

The developers insist that it's not a currency intended for 'speculation between users' but rather for a particular machine-to-machine usecase, which is how they attempt to dodge lots of the criticism regarding the flaws in both the crypto and UX.