A clever hacker made off with 4$ million worth of IOTA after setting up an phishing site for almost half a year.
To understand how the hack took place, we must first understand how users create a IOTA wallet. When you create a wallet you have to generate a string of random alpha numerical characters. This is the wallet's private key, also named seed. When users create a IOTA wallet, they are required to enter a seed of 81 characters long. One way to generate this seed is to use an online generator.
This is where the hacker registered the domain iotaseed.io and figured he could make a profit. He linked the website code to a GitHub repository, alleging the code was the very same running on the website. In reality, their were some clever modifications to the Notifier.js library, which loaded additional code. He coded the generator to always use a fixed seed and a plus counter variable that increases by one every time the generator is run. Making it easily reversible.
The hacker waited and collected private keys for six months and executed his scheme on January 19. He used to go by the nickname of Norbertvdberg and had profiles on Reddit, GitHub and Quora. They are all gone now.
its very difficult to be safe right now.
HI,
Why would some one one do this, this is horrible.
4 Million , HOPE IT WAS WORTH IT.
:-(
Yea.. He also used advertising to promote hes website as the top result in Google for "IOTA seed generator".
Not good for the ones that lost out-
:-(
Oh !!!
This days second news, wher peoppel loos mony!!!