Topic: Recent IOTA vulnerability: Example of poor vetting by investors (Read 1187 times)

They put a non tested and easily breakable hash function in their code, jeopardizing their whole project. MIT could have simply wiped the whole project out, but they chose to be responsible - and look how the iota team treated them.

Who would "copy protect" their code by breaking their production cryptosystem and distributing it?  The very idea is so absurd it's inconceivable.

Now I'm puzzled. Perhaps I don't have enough technical knowledge, but what makes you think that? I'm not a fan of Iota at all, I think it is so centralized to be practically almost a scam, but in this specific case, what makes you think they are lying?

The whole "copy protection" story makes no sense. they screwed up and don't want to own it.

This is the answer of Iota's dev to this accusation:

https://medium.com/@mistywind/iota-cofounder-sergey-ivancheglo-aka-come-from-beyonds-responses-to-the-ongoing-fud-about-so-ea3afd51a79b

It must be noted that what he is telling seems to make perfect sense. Sometimes you need the full picture...

Are there any real information about this aspect? I'm interested in the IOT overall as in idea but i understand that technology is not ready right now. It should a lot of work before something what that mentioned will be ready for implementation in real world. Could you post some link or any evidence about that fact?

Some of the things I read the other day when the vulnerability was announced make me think there is a good chance it could simply die.  If one of the vulnerabilities they don't know about is exploited, it's going to be a very bad day, and the lack of demand will drive the price to zero and get them delisted very quickly.

I heard about the centralization of Iota. Some say that the the reason for its insane quotation is precisely the fact that just a few people have too many coins and they won't sell. But that's very very bad for a currency...

The asicboost thing also doesn't break the coin like the iota hash break did. Very significant difference.

I would suggest that you're comparing Apples to Oranges; but, those are at least similar in that they are both fruit.

Firstly, I do agree as you said that every "ICO coin is claiming to be the best crypto currency". That said Bitcoin wasn't handed a billion dollar valuation overnight because someone said it was really good. It earned it by proving how good it was. It took years not minutes. The point being made in the article is that just saying something is good and giving it a billion dollar valuation is absurd.

Secondly, you're suggesting that a text book coding mistake that allows someone to steal your coins is similar to a advanced hardware implementation of a technique that gives a miner an advantage in finding a block. They are not similar.

Additionally, the technique was actually patented in 2014 after being realized several years earlier. No one in the Bitcoin team tried dismissing it as being irrelevant as the IOTA team supposedly did in this case.

People never vetted Bitcoin until 1-2 years ago, no actually until a few months ago when the scandal of ASICboost became a news and shattered our beliefs about due diligence of Bitcoin experts, every body trusted them, if segwit wasn't disabling the asicboost I would've advised every body to clean their hands off the Core team. nowadays every ICO coin is claiming to be the best crypto currency. IOTA ICO coin doing the same thing. when a dev calls his 100% pre-mined coin better than Bitcoin you should know the rest like a script written for all of the likes of it.

I wouldn't go quite that far, by that measure alone ltc is in the same league and ETH (as much as I hate to say it because I still call the whole thing a scam) has the same treatment from many exchanges.

There are also articles out today talking about the centralization of iota, and the relationship between iota and bitfinex.  Neither of those is a good thing.

You have a lot to learn. Digital currencies aren't about code, or what they represent, it's all about marketing and getting the bandwagon of people on the hype-train. After investors have profited, noone really gives two shits about any coin, it's all the same type of investment from a traders prospective. As long as the information and news around the coin continues, that coin will be a good investment.

The only coin that has any worthwhile value still remains Bitcoin due to it's depth and being the standard to trade currencies in. Every other coin, is just a coin.

Also, who is to say that others haven't found and exploited it?

It's likely they have.  The bad guys looking for profit tend to be a whole lot more motivated than researchers for MIT who are doing it for the greater good.

You're technically not correct.  Stating that "there is no vulnerability right now", when the broken and homespun hash function they built is still in use in the cryptosystem is a bold statement that doesn't have any backing and is probably incorrect.

They patched the *specific* vulnerability they were told about, unwillingly.  Their reaction and their software development has clear issues and this crypto is probably not long for the world. 

It is truly completely incredible that billions of dollars get invested just on the "belief" that the code is safe, when in fact it is not. Guess if those who have found Iota's vulnerability would have been bad guys instead of good guys...

Well people who don't read links that are provided shouldn't even be investing in cryptocurrency. Providing a link is providing a great deal of information. More than the typical post. Your complaint is somewhat unfounded; but, I have modified the title of the thread to reflect more of the content.

If you read the article again you'll discover that the authors agree that the IOTA team did make changes that prevented their specific attack. They also go on to raise additional red flags about the code. This indicates that in their opinion the IOTA code still needs to be fully vetted.

I think you're missing the point of the tread as outlined in the first two sentences of the original post.

"Interesting article on the recent IOTA vulnerability that goes into the lack of proper vetting by investors. Really makes you wonder why new coins that haven't been vetted have billion dollar valuations."

Please feel free to interchange the word IOTA with various other coins. The fact is again and again amature coding is appearing in multiple coins (this time it just happens to be IOTA). Meanwhile the marketing arms of those coins promote their code as cutting edge technology. Since when has poor code been cutting edge? In their marketing they attack proven well vetted code like bitcoin as being obsolete. As if being highly secure doesn't matter.

Problem is, that many people come here for quick money and invest in coins they have never heard of. When you watch the chat on (for example) liqui and how people react on ridiculous postings in there, you know that there are way to many people gambling without having any clue.

Most projects have had security flaws. DAO anyone ? How about the report released last year about 80% of Monero transactions prior to 2016 that had the ability to be tracked ?

The DAO was an example of the first smart contract
Monero is based on anonymity
Parity Wallet anyone

The list goes on..

This is par for the course in emerging technology

Scoop em up while you can, the price will recover

if many people because of these items iota i sell we can iota cheap shopping .if the price falls still further I will buy
is then a good opportunity to fill his wallet  no risk no fun