IOTA cryptocurrency shuts down entire network after a coordinated attack on its Trinity wallet

Pierluigi Paganini February 16, 2020

IOTA Foundation behind the IOTA cryptocurrency was forced to shut down its entire network following a cyber attack that resulted in the theft of funds.

Hackers have exploited a vulnerability in the official IOTA wallet to steal funds from the users. In response to the incident, the IOTA Foundation, the nonprofit organization behind the IOTA cryptocurrency, has decided to take down its entire network.

The attack took place on February 12, 2020, the incident was confirmed via Twitter by the foundation:

We are currently investigating a suspicious situation with Trinity, please do not open or use Trinity on Desktop until further notice.#IOTA #Trinitywallet
— IOTA (@iota) February 12, 2020

Currently, #IOTA is working with law enforcement and cybersecurity experts to investigate a coordinated attack, resulting in stolen funds. To protect users, we have paused the Coordinator and advise users not to open Trinity until further notice. Updates: https://t.co/ME3Cvki3k9
— IOTA (@iota) February 13, 2020

The foundation also published details about the incident on its website, it explained that decided to shut down “Coordinator” node a few minutes after it became aware of the fraudulent transactions.

The Coordinator is a note of the IOTA network that is involved in the final approval of any IOTA currency transactions.

The measure was adopted to prevent hackers from stealing additional funds, according to the foundation, the perpetrator targeted high-value accounts first, before moving on to smaller accounts and then being interrupted early by the halt of the coordinator.

“The attack pattern analysis showed that the halt of the coordinator interrupted the attacker’s attempts to liquidate funds on exchanges.” reads the post published by the fundation. “The stolen funds have been purposely and repeatedly merged and split to obfuscate the investigation, and with the current token exchange rate as well as exchanges’ KYC limits in mind. We received additional feedback from more exchanges (not all yet), confirming that none of the identified transactions has been received or liquidated.”

At the time of publishing this post, the IOTA network is still down and an investigation is ongoing.

IOTA members along with external cyber security experts that have joined the investigation discovered that hackers exploited a dependency of the Trinity wallet app.

“We have found the exploit and are now working on resolving the issue. As expected, the exploit is related to the (user-facing) Trinity Wallet. The IOTA core protocol is – as already communicated before – not breached.” continues the post.

The IOTA has not disclosed the total value of the stolen funds, but experts believe it could be more than $1 million worth of IOTA coins.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IOTA foundation)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini July 24, 2025

Coyote malware is first-ever malware abusing Windows UI Automation

Pierluigi Paganini July 24, 2025