Pages:
Author

Topic: IOTA - Thousands of Wallets Compromised and Funds Stolen - page 8. (Read 2618 times)

full member
Activity: 364
Merit: 101
What a rubbish from the IOTA fanboys. Certainly it is not safe to post any private key online or use it to log into your wallet. That's why no wallet uses a private key to openly login, only the IOTA wallet does that. And as I wrote several times before, they do so without authorization.

Again, AAA: Authentication, Accounting and Authorization, the 3 pillars of information security. IOTA failed to implement authorization. And that's what they are to blame for!

This is a lie.
You are probably German, call everybody a liar, that does not fit into your small limited world. LOL

I login to MyEthereum wallet with my private key
When I use metamask I have previously input my private key and I trust metamask will not fail.
In iota you will only have to trust that your PC does not have a key logger
When you copy your seed(privkey) to clipboard, it is automatically deleted once you login to your wallet
You are blaming the tech for naive mistakes of people.
Imagine that you generate your BTC papaer wallet on these offering sites. and you do that while you are on line
you privkeys will be stolen, would you balme yourself for that or BTC network
full member
Activity: 756
Merit: 103
You claim ...
I do not claim anything, I wrote I'm not doing the homework for you. Simple.
full member
Activity: 756
Merit: 103
I just tried to explain the situation to you. But after you start offending, I'm not polite anymore.
It's ok, you are not worth my time.
member
Activity: 103
Merit: 11
You are probably in the wrong profession if you don't realize what happened here.

My IOTAs are still in my wallet ;-) Obviously I'm not that dumb as you Cheesy
Yes, I know you are the other IOTA fanboy that only gets rude. Your public presentation. Congrats.

I just tried to explain the situation to you. But after you start offending, I'm not polite anymore.
copper member
Activity: 336
Merit: 258
Do you need a campaign manager? PM me.
Can you please quote the prove? I do not want to read the whole thread.
I'm not doing the homework for you. Inform yourself before you post here!

You claim that there is a proof in the thread. So that means you have to give me this proof.
To declare a whole thread as a proof does not support your claim! Where is the problem if you quote your proof from the thread.
Someone who makes an assertion must always provide the proof. That's how it works!  Roll Eyes
full member
Activity: 756
Merit: 103
You are probably in the wrong profession if you don't realize what happened here.

My IOTAs are still in my wallet ;-) Obviously I'm not that dumb as you Cheesy
Yes, I know you are the other IOTA fanboy that only gets rude. Your public presentation. Congrats.
member
Activity: 103
Merit: 11
You are probably in the wrong profession if you don't realize what happened here.

My IOTAs are still in my wallet ;-) Obviously I'm not that dumb as you Cheesy
full member
Activity: 756
Merit: 103
Can you please quote the prove? I do not want to read the whole thread.
I'm not doing the homework for you. Inform yourself before you post here!
copper member
Activity: 336
Merit: 258
Do you need a campaign manager? PM me.
I can understand that you are pissed of because you lost your funds but this issue has nothing to do with Authentication, Accounting and Authorization. You gave your private key to an untrusted third party. Thus Authorization is not the problem here because with the private key a bad actor can steal your funds regardless of the password protection.
You obviously don't understand even basic concepts. Can you read your email without a password to your account? No.

That is a huge difference. Your e-mail provider is mostly reputable. You have relied on a service that did not appear to be reputable.
The creation of a private key should NEVER be passed to third parties. In my opinion you are not the only one to blame.
IOTA should have clearly warned against it and should also introduce a service for creating a private key.
Yes, I agree. We should have all known it, still we ran straight into the trap, as it was suggested in the IOTA board. And there is proof for that. See the info here:
https://forum.helloiota.com/9284/Call-to-action-lets-catch-the-thief

Can you please quote the prove? I do not want to read the whole thread. Thank you.

But as I said. IOTA should have had a clear presence and had to set up its own seed generator. In addition, IOTA should have warned against using a seed generator from a third party. IOTA did not do that, so IOTA is partly to blame. Why only a partly to blame? Because we are adults and responsible for our mistakes. You were careless when choosing the seed generator and should have thought along!
full member
Activity: 756
Merit: 103
You are probably in the wrong profession if you don't realize what happened here.

1) a private key is used to log into a wallet

2) there is no authorization at all.

Sure, you can argue if one has the private key, you don't need a password. That is right. And that makes it all worse.
member
Activity: 103
Merit: 11
I can understand that you are pissed of because you lost your funds but this issue has nothing to do with Authentication, Accounting and Authorization. You gave your private key to an untrusted third party. Thus Authorization is not the problem here because with the private key a bad actor can steal your funds regardless of the password protection.
You obviously don't understand even basic concepts. Can you read your email without a password to your account? No.

I read the whole thread and realized that other users already tied to explain it to you without success. I am working for more than 8 years in Information Security, so I can tell you I got more than basic concepts. Your argument with email does not hold because if you generate your password with an online generator, your account may be exposed to criminals. Furthermore for your email you just use one password to log in. No private key involved here.

If you would use PGP to encrypt your mails and you would use an online generator for your private key, a bad actor could save your key and read all encrypted messages that you receive...

I hope you got it now, because that will be the last time I explain it to you.  
full member
Activity: 756
Merit: 103
From https://forum.helloiota.com/9284/Call-to-action-lets-catch-the-thief?PageIndex=16

"I'll talked to the cybercrime department of the public prosecution in Hessen, Germany. They will start investigations as soon as I write them a mail with all required information. It seems like they take this theft very serious and that they will try to trace the scammers. I'll give them the link to this chat. If there are any additional information missing, please send me a message. I'll send my mail in 10 minutes!  There are cybercrime department in almost each federal state in Germany. If you are German, please contact them, e.g. if you live in Nordrhein-Westfalen. I can't do that in other states, since they are not responsible for me."

Please support!
full member
Activity: 756
Merit: 103
I can understand that you are pissed of because you lost your funds but this issue has nothing to do with Authentication, Accounting and Authorization. You gave your private key to an untrusted third party. Thus Authorization is not the problem here because with the private key a bad actor can steal your funds regardless of the password protection.
You obviously don't understand even basic concepts. Can you read your email without a password to your account? No.

That is a huge difference. Your e-mail provider is mostly reputable. You have relied on a service that did not appear to be reputable.
The creation of a private key should NEVER be passed to third parties. In my opinion you are not the only one to blame.
IOTA should have clearly warned against it and should also introduce a service for creating a private key.
Yes, I agree. We should have all known it, still we ran straight into the trap, as it was suggested in the IOTA board. And there is proof for that. See the info here:
https://forum.helloiota.com/9284/Call-to-action-lets-catch-the-thief
copper member
Activity: 336
Merit: 258
Do you need a campaign manager? PM me.
I can understand that you are pissed of because you lost your funds but this issue has nothing to do with Authentication, Accounting and Authorization. You gave your private key to an untrusted third party. Thus Authorization is not the problem here because with the private key a bad actor can steal your funds regardless of the password protection.
You obviously don't understand even basic concepts. Can you read your email without a password to your account? No.

That is a huge difference. Your e-mail provider is mostly reputable. You have relied on a service that did not appear to be reputable.
The creation of a private key should NEVER be passed to third parties. In my opinion you are not the only one to blame.
IOTA should have clearly warned against it and should also introduce a service for creating a private key.
full member
Activity: 756
Merit: 103
I can understand that you are pissed of because you lost your funds but this issue has nothing to do with Authentication, Accounting and Authorization. You gave your private key to an untrusted third party. Thus Authorization is not the problem here because with the private key a bad actor can steal your funds regardless of the password protection.
You obviously don't understand even basic concepts. Can you read your email without a password to your account? No.

But worse than that, how could a private key aka seed be used to openly login to ones account/wallet? That is plain irresponsibility of the IOTA developers and they are the ones to blame.

Given they are a registered "Gemeinnützige Stiftung" according to German law, they are likely to be safe from being sued for that, they have nothing to compensate for the losses. But this does not mean they get off the hook.
newbie
Activity: 66
Merit: 0
Oh, that's shocking news. I hope they will find a way to restore their money.
member
Activity: 103
Merit: 11
What a rubbish from the IOTA fanboys. Certainly it is not safe to post any private key online or use it to log into your wallet. That's why no wallet uses a private key to openly login, only the IOTA wallet does that. And as I wrote several times before, they do so without authorization.

Again, AAA: Authentication, Accounting and Authorization, the 3 pillars of information security. IOTA failed to implement authorization. And that's what they are to blame for!


I can understand that you are pissed of because you lost your funds but this issue has nothing to do with Authentication, Accounting and Authorization. You gave your private key to an untrusted third party. Thus Authorization is not the problem here because with the private key a bad actor can steal your funds regardless of the password protection.

If you would say that users have no possibility to generate their private key offline using just their wallet software, I wouldn't say anything against it. So if you want to blame the IOTA team for it, then you could give the argument that they didn't design the wallet software for people who are new to crypto or have no idea how to securely generate a private key.
full member
Activity: 140
Merit: 100
the "stupit people " as yo called they most of they just follow what the official channel advice  like me  I generate my seed IPFS here https://iotasupport.com/gui-newseed.shtml  as been advice , there nothing to FUD here people are not the only responsible ...I post david announcement

Dominik Schiener [5:25 PM]
@here
Do not use Online Seed Generators
There are multiple reports today of thefts from IOTA wallets. These users generated their seeds online using the unofficial ipsf and iotaseed websites.
If you used these sites, please check your balance and move your wallet to a new seed.
To safely generate a seed, follow the instructions in this guide: https://helloiota.com/generate-seed.html

IPFS has been remove JUST TODAY because online and not secure , so who are the stupid one Huh the one yesterday maybe follow the founder advice and generate seed on IPFS??

lets not be ridiculous ,everyone should take his responsibility  IOTA   included

By the way , is is written somewhere the hack is due to seed stolen??For what is my concern I could be anything ...wallet bug , inside job whatever ..or please let me know how should I know is seed fault ...just because IOTA say So Huh?? Well doesn`t work in that way , and being foundation  or open source doesn`t mean they escape from responsibility

If you bought IOTA, check your wallet. Chances are high that it is empty now.

Don't believe me? Open it and find out yourself that all your funds have been stolen.

How so? People were told to use online seed generators. Yes, a seed, online. Not from the wallet itself, no password, not protection at all. And one clever chap collected all the generated seeds and just cashed in.

What can you do? If it is still "Pending" then check out this posting from the official IOTA forum. If it says confirmed as it does for me, funds are gone.

https://forum.helloiota.com/9100/To-everyone-posting-with-stolen-balances

IOTA tries to blame people now for using the online seed generators. I think the party to blame is IOTA itself, for not putting a seed generator in their light wallet, and for not password protecting it.

This actually calls for class action as thousands of accounts were compromised!

(my x-post from Steemit)

Why are you spreading FUD? 1000s of wallets were NOT compromised. Billions were NOT stolen.

People that were stupid enough to use a 3rd party seed generator at iotaseed.io practically gave these site owners permission to access their wallets. Many people were helped by the community to offset the theft successfully. Others we could not help in time.

Meanwhile a profile of the thief if already being developed as he left a trail.

So stop with your sensationalized untruths please.
member
Activity: 574
Merit: 12
Kuvacash.com
This is a very pathetic situation to IOTA shareholders who had some coins in their wallet.
Cybercrime is increasing with more sophisticated tools everyday.
No wonder Electroneum team have to paused certain actions when they perceived being compromised in order to put everything in place.
Pages:
Jump to: