Encrypted currency wallets IOTA recently due to user funds were stolen by a large number of complaints. According to researchers, hackers use phishing sites to collect IOTA wallet private key, for the purpose of stealing user funds. Preliminary estimates suggest that the stolen amount is as high as $4 million.
Using IOTA wallets requires that users generate private keys independently, and many users rely on an online key generator to do this, so hackers crafted a fishing effort.
In August 2017, hacker organizations registered the iotaseed.io domain name and advertised it as an IOTA key generator online. Because most cryptocurrency users are skeptical of stochastic sites, hackers link the iotaseed.io site to the GitHub repository, claiming the site runs the same code as GitHub.
But that was not the case, as Alex Studer’s analysis article over the weekend revealed that while most of the hacking code came from the GitHub repository, it loaded additional code into the Notifier.js library, resulting in a total IOTA wallet private key Is the same, meaning that the user accessing the iotaseed.io site gets the private key that the hacker knows about.
Subsequently, hackers use advertising to promote the site, bringing a lot of traffic to the site. After six months of research and collection, hackers began accessing IOTA accounts on January 19, 2018 and transferred funds out of the user’s IOTA wallets. As for the site iotaseed.io Finally, only one “Taken down. Apologies.”
In addition to the phishing website incident, even worse, IOTA wallets also suffered DDoS attacks. However, IOTA founders claim that there is currently no conclusive evidence that DDoS attacks have anything to do with phishing websites.
Source: BleepingComputer