Summary: Trinity is a software wallet for the IOTA digital asset that has been developed for desktop and mobile operating systems. Managed by the IOTA Foundation, this open-source software project allows the user to manage their tokens over the IOTA network. On February 12, 2020 the Trinity Wallet was attacked via a third-party dependency from Moonpay, which resulted in the theft of around 8.55 Ti in IOTA tokens.

This blog post is split into a three-part series:

  1. Part 1 summarizes the series of events that led to the attack and the measures taken by the IOTA Foundation. You can read it here.
  2. Part 2 is the seed migration plan put in place to protect users that may have been affected by the attack. (This blog)
  3. Part 3 provides an overview of key learnings, takeaways and measures that the IOTA Foundation will implement to ensure the highest security standards for all of our software development. You can read it here.

The following outlines the Trinity Seed Migration Plan, which includes a seed migration tool that will be released next week.

Seed Migration Plan

The IOTA Foundation’s investigation identified 50 seeds whose tokens have already been stolen by the attacker. However, due to the nature of the attack, it is not currently possible to know the exact number of affected users, and all Trinity users need to determine whether they might be affected.

  • It should be noted that this migration plan was developed primarily for Trinity Desktop users. But we strongly recommend that Trinity Mobile users also make use of the migration tool.
  • Token holders that have used other methods to secure their tokens (including Ledger Nano, custodians or exchanges and offline storage) are not affected and do not need to worry about the migration tool.
  • Passwords and seeds have been obtained by the attacker. All Trinity Desktop users from 17 Dec to 17 Feb should change their wallet password (and wherever else it has been used). Note: changing the password alone does not make you safe; you will also need to use the migration tool.

It is important that we enable all at-risk Trinity users to migrate their tokens to safety. Instead of turning on the Coordinator immediately, we will provide a migration period for all at-risk users. The migration period will give users time to initiate a migration of their tokens from their existing seeds, which may have been compromised, to newly created seeds.

Note: If you are unsure about any of this or need assistance, please join the IOTA community on Discord and either ask on the #help channel or contact a member of the IOTA Foundation directly.

Timeline for the migration plan

The IOTA Foundation is currently building a seed migration tool for migrating tokens from existing to new seeds. More information will be released early next week. Below is a timeline for the migration period.

Seed migration period

Day 0

The date of the migration tool release will be announced ahead of time. At-risk users will have a 7 day period in which they should perform the seed migration.

Day 7

After the 7 day period, the IOTA Foundation will start validating the submissions. Any conflicting submissions will need to be reviewed through a KYC process.

Optional Day 8–9

Optional: Community validation. The IOTA Foundation will propose a ledger state for a global snapshot. We will ask the community to validate the ledger state before moving ahead. This only applies if there are conflicts.

Day 10

The network is restarted with the new ledger state and the network Coordinator resumes operation.

What can lead to a conflicting submission?

If your seed has been compromised, or if you submit the same seed multiple times, we will receive conflicting submissions. Please make sure to only use the tool once for each account you own.

What happens after the migration period is over and a user hasn’t been able to submit in time?

In case the hacker has access to your seed, there is a risk that your tokens will be transferred out. If you are unable to use the migration tool during that period, we strongly recommend engaging with family or friends to find a trusted person to do the transfer for you.

How do I migrate on mobile?

Remember that the migration tool will only be available for Windows 7, Windows 10, Linux and MacOS, NOT for iOS and Android. Mobile users must use the SeedVault export or manually enter the seed directly into the tool.

I think my tokens have already been stolen, what do I need to do?

If you are suspicious of any wallet activity, please join our Discord server and contact the Discord mod team or IOTA Foundation directly. Please be aware that there are unfortunately active imposters posing as IOTA Foundation personnel on our Discord. Therefore it is important that you directly initiate contact with the IF or mod team yourself.

Please continue to Part 3 of this series for more on Key Learnings and Takeaways.
