A hacker has stolen nearly US$4million worth of IOTA cryptocurrency via an “elaborate phishing site”.
On 19 January 2018, the hacker executed the scheme to steal money from users’ IOTA wallets by generating alpha-numerical characters.
When users create an IOTA wallet they enter a seed of 81 characters used as the ‘private key’, in order to generate the wallet and authenticate passwords.
According to Bleeping Computer, the hacker figured out the wallet’s private keys before linking the iotaseed.io website to a GitHub repository, alleging the website to run the same code.
‘Large amounts of traffic’
The hacker then ran the same code from GitHub and made modifications to Notifier.js library, loading additional code before advertising the website as the top result in Google to drive large amounts of traffic to the site.
After collecting six months worth of IOTA accounts the hacker then collected and transferred funds out of wallets, leaving him/her with cryptocurrency worth up to US$4million.
IOTA network nodes also suffered a DDoS attack at the same time of the hack taking place, making it less noticeable to users.
Written by Leah Alger