IOTA, a cryptocurrency platform for the Internet of Things ecosystem, was attacked by hackers in 2018. Passwords for user wallets were stolen, with hackers taking about $4 million worth of coins.
The network itself was not attacked—public-facing nodes on its network were placed under a Distributed Denial of Service (DDoS) attack from hackers, who had already stolen user credentials using phishing schemes.
Here are a few actions users can take to keep their IOTA safe.
Key Takeaways
- In the attack, the IOTA blockchain remained uncompromised—user information was stolen using a phishing method.
- Using a strong seed phrase will make your key more difficult to acquire.
- Changing your seed phrase frequently keeps your current phrase from being stolen.
- Use the most secure storage methods to store your seed phrase.
1. Generate a Strong Seed
Bitcoin generates a private key for users. IOTA is different. It requires users to generate their own “seed,” the cryptocurrency’s equivalent of a private key.
IOTA seeds are alphanumeric combinations of 81 characters. The IOTA seed should be random. This means it should have a mix of random characters, making it difficult to guess the seed.
IOTA users can generate their own seeds or use a tool for the task. The theft described earlier was committed using an online phishing site, which passed itself off as a place for generating IOTA seeds. Hence, the team behind IOTA does not recommend using online seed generators.
Users can also generate new seeds using the following commands in Linux and Mac OSX:
- Linux: cat /dev/urandom |tr -dc A-Z9|head -c${1:-81}
- MacOSX: cat /dev/urandom |LC_ALL=C tr -dc ‘A-Z9’ | fold -w 81 | head -n 1
2. Change the Seed
The IOTA Foundation recommends copying the seed to an online password database, such as KeePass. While copying the seed to the database, you should randomly change 10 letters within the key before saving it. The idea is to make your seed truly random, difficult to guess, and ensure that it is only known by you.
IOTA developers claim that the IOTA network does not use a blockchain. Instead, it uses a Tangle, which is its version of a directed acyclic graph—another type of distributed data structure hosted by nodes.
3. Store the Seed
After generating and saving a strong seed, you need to store it. The options for storing IOTA seeds are similar to those for bitcoin keys. You can store seeds in cold storage (or offline), or you can store them in encrypted disks.
If you prefer to do the former, it is advisable to print it from your home computer (not a public one) and keep the printed copy under lock and key, whether in a public safe or at home.
If you plan on storing your seed in a disk, make sure that it is encrypted and requires passwords for logging in. The same holds for online password databases or password managers.
The basic idea behind this strategy is to multiply the number of encryptions that protect your seed. This will make it difficult for hackers to access your seed. You should also never leave your hardware disks lying around or place them under the care of people you do not know.
How Much Is 1 IOTA?
On Sep. 22, 2023, 1 IOTA was worth $0.1481. Its price will fluctuate depending on market conditions, trading volume, and other influencers.
What Does the Acronym IOTA Stand for?
IOTA stands for Internet of Things Applications. The blockchain’s cryptocurrency symbol on exchanges is MIOTA, which the developers claim represents 1 million IOTA tokens.
Who Named IOTA?
The developers named the blockchain and its token IOTA. It is supposedly named after the smallest letter of the Greek alphabet, lowercase iota (ι).
The Bottom Line
The theft of IOTA’s cryptocurrency from public nodes has generated concerns about its security among users. Through careful planning and safekeeping, however, users can keep their IOTA safe and away from the prying code of hackers.
The comments, opinions, and analyses expressed on Investopedia are for informational purposes online. Read our warranty and liability disclaimer for more info. As of the date this article was written, the author does not own cryptocurrency.
