Security Audit is of utmost importance, and Trinity Wallet was subject to rigorous security auditing. Security firms like SIXGEN and AccessecG led the auditing.
Concerning the wallet, they clearly state that there are no guarantees about the wallet and that it gets used at the user’s personal risk. The Trinity Wallet is open-source, and it is published on Github.
The Trinity Hardware provides additional security options using third-party hardware wallet compatibility. The hardware wallet with Trinity got considered to be secure, providing the leading security features like the SeedVault, which gets used to secure funds. With the additional hardware layer, the seed is stored within the hardware device rather than in Trinity, thus providing for a secure layer of separation.
Sydney Ifergan, the crypto expert, tweeted, “It seems like for now, IOTA is currently involved with law enforcement and cybersecurity experts who are working on investigating coordinated attack leading to stolen funds. and – In the interest of the users, the Coordinator has been paused, and the users have been requested not to open Trinity until further notice.”
IOTA – Investigation on the Stolen Funds
The investigation is ongoing concerning the stolen funds.
On February 17, 2020, IOTA released a safe version of the Trinity Desktop to permit users to check their balance and transactions. A vulnerability was announced on February 12, 2020. The version 1.4.0 removes the recently vulnerability announced. Users are provided with a link to download the latest version to install it over their old version.
On login, users will be able to check their balances and transactions. If the balances do not look correct, users were requested to contact a Discord mod or member of the IOTA Foundation directly on Discord. However, IOTA warns about active imposters on Discord who are posing as an IOTA Foundation personnel. IOTA, therefore insists that the users, first of all, contact the IF or mod team personally.
IOTA clarifies that the Trinity Mobile is not affected by the attack; however, users are requested not to open the mobile version until a new mobile version is released.
The latest update tweeted reads thus: “After successfully finding the exploit, the team is currently working on a strategy to mitigate any further risk for token holders and resume complete network operations.”
The Coordinator continues to be down as the team is finalizing on their remediation plan. Users are warned that they will not be able to send any value transactions. IOTA has stated that they will be updating very soon about plans moving forward.
