Why Analysts Expect More Upside After Bitcoin Just Broke $10,000 (Again)

Why Analysts Expect More Upside After Bitcoin Just Broke $10,000 (Again)

00:37 - 24/02/2020

Ethereumworldnews

Over the past 36 hours, Bitcoin has finally started to show signs of strength after the brutal 10% sell-off earlier this week. From the week’s most traded price at $9,600, the cryptocurrency has pressed higher to $10,000 as of the time of writing this, seemingly to establish a short-term candle close above this crucial psychological level. While still in its earliest stages, analysts say this latest leg to the upside has room to run, citing a confluence of positive technical […]
Mid-2020 Likely to Mark Start of Bitcoin’s Bull Run Past $20,000

Mid-2020 Likely to Mark Start of Bitcoin’s Bull Run Past $20,000

20:47 - 23/02/2020

Ethereumworldnews

In just a few months’ time, Bitcoin will see what is known as a halving, a once-every-four-years event which sees the asset’s inflation cut in half, skewing the supply-demand dynamic in favor of bulls. This cyclical event previously marked the start of some of the crypto market’s parabolic rallies, during which the price of BTC and other digital assets doubled, trebled, and so on and so forth. According to a number of analyses, the 2020 halving may kick off another […]
XRP Holding This Key Level Sets Stage for 100% Rally: Top Analyst

XRP Holding This Key Level Sets Stage for 100% Rally: Top Analyst

20:27 - 23/02/2020

Ethereumworldnews

The past few days haven’t been kind to the crypto markets. After peaking last week, market leaders Bitcoin, Ethereum, and Ripple’s XRP and smaller altcoins saw their values tank. XRP, unfortunately, was hit especially hard, perhaps because it has seen an especially strong rally over the past eight weeks. The asset was hit so hard that after it topped just above $0.34, a price it hadn’t traded at in years, it plummeted to $0.625 during the flash crash on Wednesday, […]
This Crypto is Positioned for an Insane Rally as it Reaches Key Resistance

This Crypto is Positioned for an Insane Rally as it Reaches Key Resistance

20:04 - 23/02/2020

Ethereumworldnews

The month of February has been great for altcoins, with many smaller cryptos seeing intense upwards momentum that has allowed some to set fresh all-time highs, while others post significant gains against Bitcoin. This upwards momentum seen amongst many altcoins has led investors and analysts alike to grow increasingly keen on finding the next altcoin that will see a “face ripping” rally, and some analysts believe that Algorand could be this crypto. One top trader is noting that ALGO recently […]
Bitcoin Dominance May Suggest a Massive Altcoin Selloff is Inbound

Bitcoin Dominance May Suggest a Massive Altcoin Selloff is Inbound

19:27 - 23/02/2020

Ethereumworldnews

Bitcoin and the aggregated cryptocurrency market have incurred some notable upwards momentum overnight, allowing many altcoins to surge and put some significant distance between their recent lows. This momentum, however, may be short-lived as analysts closely watch to see how Bitcoin’s dominance over the market reacts to a key level, as a bounce at its current level could lead to a selloff amongst altcoins. Bitcoin Could See Some Notable Gains at the Expense of Altcoins Currently, Bitcoin is trading up […]
Ripple’s Brad Garlinghouse Praises Crypto To Banks 

Ripple’s Brad Garlinghouse Praises Crypto To Banks 

10:56 - 23/02/2020

Oracletimes

Ripple just announced that the company plans to build a financial bridge between ETH and XRP. The firm launched some challenges at ETH Denver to pay coders who can connect the two coins on the Interledger Protocol (ILP). Ripple's CEO plans to kill banks' fear of crypto Ripple CEO Brad Garlinghouse seems to be on a mission …

Mainstream Shoppers On Shopify Could Boost Facebook’s Libra

10:28 - 23/02/2020

Oracletimes

Facebook's massive project Libra is one of the most controversial ones that the crypto industry has seen lately. It's also important to mention that the coin fasces issues with regulators, and the company is still making plans regarding its development. Also, despite the fact that Libra lost a lot of important supporters lately, it still …

Fidelity Hires BTC Engineer; Wants To Scale Crypto Mining Operations

Fidelity Hires BTC Engineer; Wants To Scale Crypto Mining Operations

10:15 - 23/02/2020

Oracletimes

The crypto market looks better today, with the most important coin trying to reach $10k once again. Bitcoin dropped in price this week, and now analysts expect to see the crypto being able to surpass the psychological level mentioned above. Fidelity is hiring and plans scaling crypto mining operations Fidelity was always seen as a …

Ripple Plans To Build Crypto Bridge Between XRP And ETH

Ripple Plans To Build Crypto Bridge Between XRP And ETH

09:57 - 23/02/2020

Oracletimes

Ripple was recently in the spotlight when the San Francisco-based company updated key stats on the amount of XRP that it holds and also addressed which firms are helping to power the network. The firm also made sure to highlight the fact that Microsoft is the most high-profile XRP Ledger validator processing transactions on the …

Bitcoin Races To $10k Once More – Volatility To Continue Due To Whales

Bitcoin Races To $10k Once More – Volatility To Continue Due To Whales

09:42 - 23/02/2020

Oracletimes

The crypto market looks better with most coins trading in the green and Bitcoin making significant efforts to reach $10k once again. During the past days, the crypto market has been bloody after whales sold Bitcoin, according to analysts. At the moment of writing this article, BTC is trading in the green, and the coin …

Ethereum’s Price May Soon Explode Even Higher as Key Metric Breaks Out

Ethereum’s Price May Soon Explode Even Higher as Key Metric Breaks Out

07:09 - 23/02/2020

Ethereumworldnews

Over the past day, the crypto market has effectively flatlined. Per data from CoinMarketCap, Bitcoin has gained 0.12% in the past 24 hours, and Ethereum has shed 0.6%. Despite this consolidation, there are signs that the market is about to break out after Saturday’s non-action, most likely in the upward direction. A Breakout is Building Popular cryptocurrency trader CryptoHamster recently remarked that there are clear signs the market is preparing to start its next big move. Urging his followers to […]
Top Analyst Eyes Surge to $11,000 as Bitcoin Rapidly Jumps 3% Higher

Top Analyst Eyes Surge to $11,000 as Bitcoin Rapidly Jumps 3% Higher

04:46 - 23/02/2020

Ethereumworldnews

Bitcoin has once again started to show signs of recovery. In the past hour, the price of the leading cryptocurrency has exploded higher, from the daily low around $9,650 to as high as $9,040, a jump of 3%. While this move has not yet been sustained on a weekly basis, analysts say that this recovery is an extremely positive sign for BTC, for just days ago the asset was sitting at $9,300, on the edge of a cliff that may […]
This Trillion-Dollar Asset Manager Just Delved Deeper Into Bitcoin & Crypto

This Trillion-Dollar Asset Manager Just Delved Deeper Into Bitcoin & Crypto

04:04 - 23/02/2020

Ethereumworldnews

While Bitcoin and crypto is largely a movement to disempower institutions and to put power back in the hands of regular people, there has been a space-wide focus on getting institutions involved in this industry. The thesis with this antithetical move is that institutional involvement in cryptocurrency: the world’s biggest firms and investors dabbling in the industry should draw in a large amount of human and financial capital, catalyzing innovation, creating a cycle of capital inflows and innovation. For those […]
Here’s Why Ethereum Could Soon Continue Surge Higher Against Bitcoin

Here’s Why Ethereum Could Soon Continue Surge Higher Against Bitcoin

00:35 - 23/02/2020

Ethereumworldnews

Ethereum, despite what some readers may think, did not see a positive 2019. In fact, the cryptocurrency plummeted, actually registering a yearly loss in 2019, dramatically underperforming Bitcoin’s gains of nearly 100%. This meant that the market for ETH/BTC fell off a cliff, with the price of one Ether falling as low as 0.016 BTC — the lowest the pair had been in years and around 90% below the all-time high well above 0.1 BTC. Though, over the past few […]
Isn’t XRP the Easiest Short? Analyst Asks as Bearish Pressure Mounts

Isn’t XRP the Easiest Short? Analyst Asks as Bearish Pressure Mounts

20:06 - 22/02/2020

Ethereumworldnews

XRP Could Plunge, Analyst Warns After Brutal Rejection Above $0.34 Last week, XRP saw a brutal rejection above the $0.34 price point, falling off a cliff all the way to $0.265 as Bitcoin saw a similar rejection at the $10,500 resistance. According to full-time cryptocurrency trader Cold Blooded Shiller, this rejection could spell disaster for the cryptocurrency moving forward. In an analysis published Friday, the analyst rhetorically asked: “Isn’t XRP the easiest [high time frame] short right now?” As to […]
Microsoft, BitGo, And Bitso Are Powering XRP Ledger, Ripple Reveals

Microsoft, BitGo, And Bitso Are Powering XRP Ledger, Ripple Reveals

11:01 - 22/02/2020

Oracletimes

Ripple was recently in the spotlight when CEO Brad Garlinghouse compared XRP’s speed to BTC. He also admitted that the company has an interest in the success of the digital asset since Ripple owns more than half of the total supply of XRP. “XRP is extremely efficient from a technical point of view in terms …

Bitcoin Becomes A Flight To Safety Investment, Says Binance US CEO

Bitcoin Becomes A Flight To Safety Investment, Says Binance US CEO

10:43 - 22/02/2020

Oracletimes

Bitcoin struggles just above $9,600 after a recent significant drop in price that took place a few days ago. Since then, the most important coin in the market was not able to surpass $10k again, and crypto enthusiasts are keeping their fingers crossed. At the moment of writing this article, BTC is trading in the …

1 Billion People To Engage In Blockchain Economy In A Decade, Says Coinbase CEO

10:12 - 22/02/2020

Oracletimes

Mass crypto adoption has been one of the most important goals in the crypto industry in 2019, and it remains the same this year as well. All kinds of moves are being made that are massively supporting this important goal. For instance, probably the most significant move in this direction was Coinbase's move. From now …

Ripple’ XRP Is Reportedly On The Verge Of A Rally To $0.70, Despite Current Market State

Ripple’ XRP Is Reportedly On The Verge Of A Rally To $0.70, Despite Current Market State

09:52 - 22/02/2020

Oracletimes

After a 2019 that didn't bring too significant price moves for XRP, 2020 is expected to be a better year for the coin. Last year, Ripple was blamed for XRP's poor performance. The digital asset already managed to surpass $0.33 this year, and now the coin is trading in the red just like the other …

Bitcoin $100k Prediction Is Debated By Top Analysts

Bitcoin $100k Prediction Is Debated By Top Analysts

09:31 - 22/02/2020

Oracletimes

The crypto market looks pretty bloody again, as Bitcoin struggles to recover its recent losses. The huge price drop is said to have been triggered by whales, according to some analysts. At the moment of writing this article, BTC is trading in the red, and the most important coin in the market is priced at …

XRP Just Flipped a Key Resistance Into Support: Why This is Bullish

XRP Just Flipped a Key Resistance Into Support: Why This is Bullish

06:32 - 22/02/2020

Ethereumworldnews

Over the past two days, the crypto market hasn’t fared too well. After peaking last week, the prices of digital assets across the board have tanked. XRP, the third-largest cryptocurrency by market capitalization, tanked from the multi-month high just a smidgen above $0.34 to as low as $0.265 — a hurting loss of over 25%. Despite this brutal crash, which made the biases of many traders flip negative after a short period of bullish optimism, a strong technical signal just […]
Ethereum is a “Strong Short Setup” as Volume Fades and Resistance Mounts

Ethereum is a “Strong Short Setup” as Volume Fades and Resistance Mounts

00:01 - 22/02/2020

Ethereumworldnews

Ethereum has been caught within some turbulence over the past week, with its price action largely mirroring that of Bitcoin and the aggregated crypto market. Earlier this week, ETH plummeted from its recent highs of $280 to lows of $250, before finding some strong buying pressure that has allowed it to climb back to its current price region. In the near-term, analysts are noting that Ethereum’s Bitcoin trading pair does appear to be highly bearish due to a myriad of […]
Trinity Attack Incident Part 1: Summary and next steps

Trinity Attack Incident Part 1: Summary and next steps

20:43 - 21/02/2020

iota.org

Summary: Trinity is a software wallet for the IOTA digital asset that has been developed for desktop and mobile operating systems. Managed by the IOTA Foundation, this open-source software project enables the user to manage their tokens over the IOTA network. On February 12, 2020 the Trinity Wallet was attacked via a third-party dependency from Moonpay, which resulted in the theft of around 8.55 Ti in IOTA tokens.

This blog post is divided into a 3 part series:

  1. Part 1 summarizes the series of events that led to the attack and the measures taken by the IOTA Foundation. (This blog)
  2. Part 2 is the seed migration plan put in place to protect users that might have been affected by the attack. You can read it here.
  3. Part 3 offers an overview of key learnings, takeaways and measures that the IOTA Foundation will implement to ensure the highest security standards for all of our software development. You can read it here.

The following outlines the Trinity Attack Summary and measures taken by the IOTA Foundation to protect user’s tokens.

Series of Events

On Wednesday, 12th of February 2020, around 3 PM CET, moderators on the IOTA Discord server started receiving reports from users who were observing a zero balance and/or unauthorized outgoing transactions on their previously positive-balance accounts. It became clear this was not an isolated incident, and the IOTA Foundation’s engineering teams began to work on identifying the cause.

Within the first four hours of investigation, the Foundation made the decision to halt the coordinator, which was put in place as a temporary security mechanism during the network’s maturation phase. The decision to halt the coordinator is not one taken lightly, as it suspends the confirmation of value transactions on the network. Nonetheless, to prevent the attacker from transferring further tokens, it was an essential step. As a result, the attacker was unable to successfully obtain all targeted tokens, and a number of transfers were stopped en route to the attacker.

In order to enhance transparency around this incident, the Foundation implemented a Major Incident Management plan, which included regular status updates via a dedicated website.

This allowed us to provide public updates whenever possible, but also continue to work diligently behind the scenes to investigate different scenarios, including:

  1. A possible breach of the IOTA core protocol;
  2. Malicious modification of the available Trinity installer, across all or single OS versions;
  3. DNS hijacking, where a modified Trinity version would be downloaded from the hacker’s server;
  4. Virus/trojan infection resulting from phishing attacks;
  5. Remote code injection, e.g. through a dependency;
  6. Insecure seed generation (similar to the phishing incident from early 2019);
  7. Organized social-engineering attack (in relation to Binance’s recently announced 50x IOTA margin trading).

Early analysis and investigations (attack patterns, in-depth scans of affected users systems, extensive code dependency scans/reviews, different types of user-comparisons), as well as process of elimination, allowed the teams to identify a likely cause: the integration of a third-party service (Moonpay), which enabled users to directly purchase IOTA tokens within Trinity. We immediately informed MoonPay about the possible exploit.

At the time of its integration into Trinity, Moonpay was only available as bundled code delivered by a CDN (content delivery network), so the IOTA Foundation integrated it as such. Although widely used in web technologies, CDN delivery has inherent risks. One of those risks is that the code expected by the device could be unknowingly replaced with code that is not expected. The IOTA Foundation flagged the risks involved and requested an NPM (Node package manager) to mitigate it. This was later published by Moonpay, after most of the integration work had already been done, but release pressure and human error added up to the Foundation not switching to the more secure NPM package prior to launch. This was the weakness leveraged by the attacker and one that could likely have been resolved if the Foundation had had a more extensive, cross-team review process for larger releases.

Over the course of the next 48 hours, the Foundation, with the support of a number of victims, collected information and obtained Trinity files from affected users. The Foundation’s internal analysis of affected Trinity caches found irrefutable proof that they had been compromised with one of several illicit versions of Moonpay’s software development kit (SDK), which was being loaded automatically from Moonpay’s servers (their content delivery network) when a user opened Trinity. The code was loaded into the local Trinity instance, and, after the user’s wallet was unlocked, decrypted the user’s seed and sent the seed and password to a server controlled by the attacker. Before transferring tokens out, the attacker awaited the release of a new Trinity version, which would overwrite Trinity’s cache files and thus remove the remaining traces of the hacker’s exploit. With this realization and code samples in hand, the IOTA Foundation immediately filed a report with the Berlin Police Cyber Division.

Through an attack analysis, performed by the IOTA Foundation, it became clear that the pattern of the attacker was consolidating multiple packs of 28 Gi. We suspect this value was chosen to keep the USD value of one pack under 10,000 USD and avoid triggering exchanges’ KYC identification procedures. We immediately contacted all exchanges with the results of the pattern analysis and asked them to lock associated exchange accounts. The first reply from nearly all exchanges was that they had not received any of the stolen token bundles. Due to the processing structure of the bundles, it was hard to shake the suspicion that the bundles had been sent to an exchange address. After escalating multiple times, we received sets of exchange deposit transaction logs. When we analyzed these logs with our Tangle analytics toolsets we, unfortunately, found that several addresses were owned by an exchange. We requested the exchange again to immediately lock the accounts, and are currently in further correspondence with them to assess the full picture of the amount of tokens the attacker was able to convert and transfer out of the exchange.

The next revelation came with the release of the log files to the IOTA Foundation on the 15th of February from the DNS provider contracted by Moonpay: Cloudflare. With the cooperation of Moonpay, we were able to get the logs of the past 18 months of their Cloudflare account. This, together with the security analysis, painted a very clear picture of the stages of an evolving attack that dates back to November 27th, 2019.

The Moonpay integration into Trinity officially began in September 2019, with the first closed beta being opened on November 11th, 2019. Through a leak in the testing period, on November 12th 2019, the upcoming integration into Trinity became well known within our community. The integration was made public on our open Github repo in the morning on the 26th of November.

The attacker started on November 27th, 2019 with a DNS-interception Proof of Concept that used a Cloudflare API key to rewrite the api.moonpay.io endpoints, capturing all data going to api.moonpay.io for potential analysis or exfiltration. Another longer-running Proof of Concept was evaluated by the attacker one month later, on December 22nd, 2019. On January 25th, 2020, the active attack on Trinity began, where the attacker started shipping illicit code via Moonpay’s DNS provider at Cloudflare.

Over the next two weeks, the attacker refined the malicious code and exfiltration techniques using code obfuscation and modification of the Moonpay API endpoints. Within this window of time, the IOTA seeds were stolen. The process of code iteration and seed theft continued until the 10th of February (although there are indications that malicious SDKs were served even until the 14th of February), at which point Moonpay became aware of illicit routes and took action to delete the API key, change login credentials and remove inactive users. Unfortunately, the IOTA Foundation was not informed of the unsanctioned API access until observing it for ourselves in the Cloudfare logs received from Moonpay on February 15th.

Without API access, the attacker was alerted to the fact that the route of attack was gone — and on the next day, the 11th of February, began executing transactions using the hijacked seeds. This theft was then ultimately interrupted when the coordinator was halted on the 12th of February. At present, the IOTA Foundation is aware of 50 independent seeds that had their tokens stolen during this attack, which amounts to a total of 8.55 Ti.

Trinity users will still need to use the forthcoming migration tool to protect their tokens from further thefts.

The nature of this attack introduced several complexities for the IOTA network to successfully resume operations without causing further potential losses to token holders who have used the Trinity wallet. As such, the Foundation has taken the extra precautionary step to develop a detailed migration plan and a dedicated tool to protect users who might have been affected by this theft and offer all Trinity users a safe way to migrate their tokens to a new seed. The exact details of this migration plan will be shared with the community in a subsequent blog post (Part 2).

Steps Taken to Address the Incident

  • The Foundation set up a status update page where victims and the public could access regular updates.
  • Built a new Tangle analytics toolset (utilizing our permanode) that tracks tokens in real-time. This tool will help support the ongoing criminal investigation.
  • Allocated all available resources to assist with the investigation of attacked seeds and analyze the attack pattern, using the set of newly developed tools, as well as a separate parallel manual analysis and verification (to validate tooling reliability).
  • Released a new version of Trinity Desktop for users to install on top of the current version with the attack vector removed, which would allow users to safely open and check their wallet balances. You can find it here.
  • Released new versions of Trinity Mobile on iOS and Android with MoonPay removed. These can be downloaded via the App Store and Play Store respectively.
  • Developed an attack remediation plan, which involves building a seed migration tool to move users to a safe seed.
  • Brought on multiple security experts and firms to assist with the analysis and cyberforensic investigation, as well as develop the remediation plan.
  • Contacted the UK, German, and Maltese police and the FBI to report the incident and provided documentation and updates as they became available.
  • Collected information from affected users and developed a dedicated community discord channel for them.
  • Collected and analyzed app files from both affected and non-affected users, categorized malicious code types and developed a timeline of when the malicious code was deployed.
  • Contacted all relevant exchanges to gather insight into where the tokens had been transferred and to lock any unsold tokens.
  • Worked together with MoonPay to investigate the cause of this hack and acquire the necessary information for the investigation.

Message to our community and users

We want to thank our extremely supportive community for offering their assistance during this crucial time period. We realize that having tokens stolen is a very stressful and emotional time for those affected, which is why we take this incident very seriously. We’ve made a lot of progress in getting to the bottom of this attack in a short time period and our engineers have been working diligently with law enforcement to analyze all events leading up to the attack and identify the culprit. We appreciate the patience of our community and users as we develop and implement tools that will assist in the recovery of stolen tokens.

Conclusion

Due to the ongoing cooperation and investigation by law enforcement and external security contractors, we are still analyzing specific details and events of the theft, and as such are not yet able to provide the community the complete portrayal of the incident. Hopefully, over the coming weeks and in cooperation with the involved parties, we will be able to provide everyone with detailed insight into the way in which these events unfolded.

Although some might say that a wallet-hack is a rite of passage in the crypto-industry, this in no way reduces the disappointment that the people in the IOTA Foundation feel for not meeting the standards we have set for ourselves. We fell short in fully-vetting the Trinity wallet continuously after new integrations, and apologize for letting our community down. We are currently working on a remediation plan for victims that had their tokens stolen by the malicious actor and continue to be in direct contact with them. We aim to publicly communicate a concrete plan next week. Separately from this plan, the Foundation continues to be in contact with the involved exchanges and law enforcement to hopefully find the perpetrator and recover as many of the stolen tokens as possible.

Key learnings, takeaways and measures for the Foundation’s development and security procedures will be shared in part 3 of this blog post series. We hope that the positive outcomes of this incident (namely, improved and tighter security procedures) will not only help to improve IOTA’s development but will also benefit the broader DLT ecosystem.

Please continue to Part 2 of this series for more details on the Attack Incident and Migration Plan.


Trinity Attack Incident Part 1: Summary and next steps was originally published in IOTA on Medium, where people are continuing the conversation by highlighting and responding to this story.

Trinity Attack Incident Part 2: Trinity Seed Migration Plan

Trinity Attack Incident Part 2: Trinity Seed Migration Plan

18:12 - 21/02/2020

iota.org

Summary: Trinity is a software wallet for the IOTA digital asset that has been developed for desktop and mobile operating systems. Managed by the IOTA Foundation, this open-source software project enables the user to manage their tokens over the IOTA network. On February 12, 2020 the Trinity Wallet was attacked via a third-party dependency from Moonpay, which resulted in the theft of around 8.55 Ti in IOTA tokens.

This blog post is divided into a 3 part series:

  1. Part 1 summarizes the series of events that led to the attack and the measures taken by the IOTA Foundation. You can read it here.
  2. Part 2 is the seed migration plan put in place to protect users that might have been affected by the attack. (This blog)
  3. Part 3 offers an overview of key learnings, takeaways and measures that the IOTA Foundation will implement to ensure the highest security standards for all of our software development. You can read it here.

The following outlines the Trinity Seed Migration Plan which includes a seed migration tool that will be released next week.

Seed Migration Plan

The IOTA Foundation’s investigation identified 50 seeds whose tokens have already been stolen by the attacker. However, due to the nature of the attack, it is not currently possible to know the exact number of affected users and all Trinity users need to determine whether they might be affected.

  • It should be noted that this migration plan was developed primarily for Trinity Desktop users. But we strongly recommend that Trinity Mobile users also make use of the migration tool.
  • Token holders that have used other ways to secure their tokens (including Ledger Nano, custodians or exchanges and offline storage) are not affected and do not need to worry about the migration tool.
  • Passwords and seeds have been obtained by the attacker. All Trinity Desktop users from 17 Dec to 17 Feb should change their wallet password (and anywhere else it has been used). Note, changing password alone does not make you safe, you will also need to use the migration tool.

It is important that we enable all at risk Trinity users to migrate their tokens to safety. Instead of turning on the Coordinator immediately, we will provide a migration period for all at-risk users. The migration period will give users time to initiate a migration of their tokens from their current seeds, which may have been compromised, to newly created seeds.

Note: If you are uncertain about any of this or need assistance, please join the IOTA community on Discord and either ask on the #help channel or contact a member of the IOTA Foundation directly.

Timeline for the migration plan

The IOTA Foundation is currently building a seed migration tool for migrating tokens from existing to new seeds. More information will be released early next week. Below is a timeline for the migration period.

Seed migration period

Day 0

The date of the migration tool release will be announced ahead of time. At-risk users will have a 7 day period in which they should perform the seed migration.

Day 7

After the 7 day period, the IOTA Foundation will start validating the submissions. Any conflicting submissions will need to be reviewed through a KYC process.

Optional Day 8–9

Optional: Community validation — The IOTA Foundation will propose a ledger state for a global snapshot. We will ask the community to validate the ledger state before moving ahead. This only applies if there are conflicts.

Day 10

The network is restarted with the new ledger state and the network Coordinator resumes operation.

What can lead to a conflicting submission?

If your seed has been compromised, or if you submit the same seed multiple times, we will receive conflicting submissions. Please make sure you only use the tool once for each account you own.

What happens after the migration period is over and a user hasn’t been able to submit in time?

In case the hacker has access to your seed, there is a risk that your tokens will be transferred out. If you are unable to use the migration tool during that period, we strongly recommend engaging with family or friends to find a trusted person to do the transfer for you.

How do I migrate on mobile?

Remember that the migration tool will only be available for Windows 7, Windows 10, Linux and MacOS, NOT for iOS and Android. Mobile users will have to use the SeedVault export or manually enter the seed directly into the tool.

I think my tokens have already been stolen, what do I need to do?

If you are suspicious of any wallet activity, please join our Discord server and contact the Discord mod team or IOTA Foundation directly. Please be aware that there are unfortunately active imposters posing as IOTA Foundation personnel on our Discord. Therefore it is important that you directly initiate contact with the IF or mod team yourself.

Please continue to Part 3 of this series for more on Key Learnings and Takeaways.


Trinity Attack Incident Part 2: Trinity Seed Migration Plan was originally published in IOTA on Medium, where people are continuing the conversation by highlighting and responding to this story.

This Eerie Pattern Shows Bitcoin Could be on the Cusp of a Massive 100%+ Rally

This Eerie Pattern Shows Bitcoin Could be on the Cusp of a Massive 100%+ Rally

18:10 - 21/02/2020

Ethereumworldnews

Bitcoin’s recent price action has made it incredibly unclear as to where the cryptocurrency could be positioned to move next, with its recent drop below $10,000 suggesting that bulls do not have enough strength to surmount the resistance that exists around this price level. In the near-term, Bitcoin’s bullish reaction to its recent drop to lows of $9,200 seems to suggest that further upside is imminent, although it has not yet catalyzed enough buying pressure to rally back up to […]
Trinity Attack Incident Part 3: Key Learnings & Takeaways

Trinity Attack Incident Part 3: Key Learnings & Takeaways

17:48 - 21/02/2020

iota.org

Summary: Trinity is a software wallet for the IOTA digital asset that has been developed for desktop and mobile operating systems. Managed by the IOTA Foundation, this open-source software project enables the user to manage their tokens over the IOTA network. On February 12, 2020 the Trinity Wallet was attacked via a third-party dependency from Moonpay, which resulted in the theft of around 8.55 Ti in IOTA tokens.

This blog post is divided into a 3 part series:

  1. Part 1 summarizes the series of events that led to the attack and the measures taken by the IOTA Foundation. You can read it here.
  2. Part 2 is the seed migration plan put in place to protect users that might have been affected by the attack. You can read it here.
  3. Part 3 offers an overview of key learnings, takeaways and measures that the IOTA Foundation will implement to ensure the highest security standards for all of our software development. (This blog)

The IOTA Foundation already integrates many security development lifecycle best practices in its existing projects. Due to the recent events, we have, however, identified improvement areas that will be integrated into the Foundation’s existing model. Many of the practices below are already integrated but will be reviewed in detail and strictly enforced throughout the Foundation.

  • We increase the focus on our approach to software security. We will add to our current security processes a new CSO who will oversee all security practices.
  • The IF (IOTA Foundation) is increasing its existing engagements with external security auditing firms and will require thorough external audits for major releases of any critical software.
  • The IF will require the same standard from any 3rd parties we integrate with.
  • The IF will adhere to a model for the overall security architecture of applications and review application security for key security objectives on a regular basis.
  • Requirements for new functionality, in both existing and new software, will be [more] strictly assessed through a security requirement framework.
  • All application risk levels will be revisited and reviewed on a regular basis. The security framework requirements for applications will be based on their risk level.
  • Threat modeling methodology will be put in place for all application security levels to identify and manage architectural design flaws.
  • The IF will review its current bill of materials for all existing applications.
  • All existing and new projects and their integrations of tracking 3rd party dependencies will have a stricter policy for vulnerability levels of 3rd party dependencies.
  • All 3rd party integration PRs require a manual sign-off from the team’s security champion, SecOps, or the CSO.
  • The IF also identified the need for better data analytics tools on the Tangle. While we currently have a capability to analyze Tangle behavior and transaction patterns, we are building better tooling on top of our permanodes to allow us to identify and filter patterns in real-time.
  • Finally, the IF will strive to make its security posture and audit results more transparent, wherever this is possible and appropriate.

Coming out of this incident, the IOTA Foundation will continue to invest more significant resources in our internal security procedures for all software and involve external security experts where needed. We hope that through our continuous transparency and external validation of our open-source software, that we will continue to increase the trust in our community and ensure that IOTA is successfully adopted as an enterprise-ready distributed ledger.

— — — —


Trinity Attack Incident Part 3: Key Learnings & Takeaways was originally published in IOTA on Medium, where people are continuing the conversation by highlighting and responding to this story.

Keep Your Identity Safe While Using Crypto With A Bitcoin Mixer

Keep Your Identity Safe While Using Crypto With A Bitcoin Mixer

13:02 - 21/02/2020

Oracletimes

The crypto industry might still be a nascent domain, but innovation develops fast, and unfortunately, so do the dangers and risks lurking in this space. Cryptocurrencies and safety are two concepts that should go hand in hand, considering that Satoshi Nakamoto created Bitcoin with annoyingly and full privacy in mind. But regulations are not necessarily …

Bitcoin Holds Extremely Important Price, Suggesting Rally Back to $10,000 is Possible

Bitcoin Holds Extremely Important Price, Suggesting Rally Back to $10,000 is Possible

10:16 - 21/02/2020

Ethereumworldnews

Bitcoin really hasn’t done too well over the past day or two. As detailed in previous market updates from Ethereum World News, the price of the leading cryptocurrency has been subject to extreme volatility, falling from $10,300 to as low as $9,200 (on some exchanges) in the span of a few hours. This dramatic move lower caught traders with their pants down, so to say, with data indicating that the flash crash liquidated over $100 million worth of long and short […]
Bitcoin Shopping App Lolli Teams Up With 950 Merchants In Push For Crypto Mass Adoption

Bitcoin Shopping App Lolli Teams Up With 950 Merchants In Push For Crypto Mass Adoption

09:49 - 21/02/2020

Oracletimes

The mainstream adoption of cryptos has been one of the main goals of the crypto industry during 2019, and it remains the same. This year, there have already been made some massive moves to support the idea. We reported the latest one just the other day – it involves Coinbase and Visa. From now on, Coinbase is …

Bitcoin Could Rally 4,900% And Hit $500k

Bitcoin Could Rally 4,900% And Hit $500k

09:33 - 21/02/2020

Oracletimes

After a significant fall in the price of Bitcoin now, the most important crypto in the market is struggling to get back on track and head over $10k once again. At the moment of writing this article, BTC is trading in the green, and the coin is priced at $9,671.20. Optimistic predictions about Bitcoin's price …