The internet of things (IoT) platform IOTA has announced some steps that holders of the MIOTA token are expected to take to prevent possible hack due to vulnerability found in the Trinity wallet.
The release advises user to download an upgraded version of the wallet and have them installed to override the older version which has been subject to an attack. The IOTA team in the recent release wrote:
“As announced yesterday, we have released an updated version of Trinity which allows you to check your balance and transactions. Please download this newest version of Trinity here and install it over your old version: https://github.com/iotaledger/trinity-wallet/releases/tag/desktop-1.4.1”
#RT @iotatoken: Update: The attack remediation plan and the next steps are on https://t.co/ntEmMOKCig. Trinity users need to download and install a new version over your old version: https://t.co/TI3RYFPvXP— IOTA News (@iotatokennews) February 17, 2020
The platform maintained that doing this would and having the user password changed would remove the vulnerability which a hacker has exploited since January 25 to breach security of the Trinity wallet.
Users To change Passwords
Users are advised to make sure that the new passwords are not in use across board in other websites and that they are stored in a password manager. Aside removing the vulnerability, it would prevent the hacker from accessing a wallet they have not already breached its security.
The report stated that only the desktop version of the Trinity wallet had their seeds compromised. Nevertheless, the recommendation stated that all users across all versions of the wallet are to take proactive measure to prevent loss of their tokens. Those concerned are asked to migrate their tokens to a new seed.
However, Ledger Nano users do not need to use the migration tool but a password change is still strongly recommended.
Recovery of Stolen Funds
Meanwhile, IOTA announced that it is taking steps to help users whose funds were stolen to recover them. The platform is already collaborating with exchanges to ensure that stolen funds are not moved. It also plans a snapshot of all the funds on the wallet which would be validated by the IOTA node operators.
According to the report,
“We will implement a KYC procedure involving a third party that will enable all users who had their tokens stolen to reclaim them. The same procedure will also be required for certain cases in which the migration tool is used fraudulently or incorrectly. More information on this process will follow shortly,”