In brief

  • IOTA has updated its Trinity desktop wallet following a hack last week that saw $1.6 million stolen.
  • The hacker exploited a vulnerability in the old desktop app that let it access its victims' seed phrases.
  • The project's mainnet remains offline.

The IOTA Foundation today released an updated desktop version of its wallet, Trinity, following a hack last week that caused its operators to temporarily shut down the project. Trading activity on the IOTA mainnet remains suspended, but IOTA doesn’t think that its mobile app was affected, and said that hardware wallet users aren’t affected.

In an update on its website, IOTA said that upgrading the desktop Trinity wallet “renders the hacker incapable of accessing your wallet if s/he has not already done so.”

IOTA hack involved theft of seed phrases

IOTA determined that the hack, which has affected at least ten people, likely involved the theft of seed phrases. Around $1.6 million was stolen in the hack, according to BTCManager.  The hacker got access to the funds by exploiting a bug in the desktop wallet, which has been fixed in the new update.

Law enforcement and cybersecurity experts are currently working with IOTA to identify the hacker. Anyone who has had funds stolen can reclaim them.

IOTA urges users to change their passwords and store them in a password manager. Within the next few days, IOTA will release a tool that lets users transfer all of their tokens to a safe seed. It recommends that anyone who has opened Trinity since December 17, 2019, transfer the tokens. 

“By migrating your tokens to new, safe seeds prior to the re-start of the coordinator, you will render the attacker incapable of making unauthorized transfers of your tokens if s/he has not already done so,” wrote IOTA.