02-13-2020, 05:02 PM
IOTA Trinity Wallet having suspicious issues.
<!-- SC_OFF --><div class="md"><p>EDIT: Please be careful of platforms moderated by the relevant teams; sometimes they will try to show only one side. It's important to check with others to help notice bias.</p> <p>​</p> <blockquote> <p>We are currently investigating a suspicious situation with Trinity, please do not open or use Trinity on Desktop until further notice.</p> </blockquote> <p>There seems to be some issues with actual missing funds here... but not much else is known yet. IOTA Foundation members asking folks to DM them if they are missing funds due to this:</p> <blockquote> <p>DM me if you are missing funds as well</p> </blockquote> <p>They currently have the coordinator paused (entire network paused) and are asking you to not open any Trinity wallet. I'll update if I figure out anything else. Please stay safe out there with your funds!</p> <p>IOTA Twitter Regarding Issue: <a href="https://twitter.com/iotatoken/status/1227638737862983681?s=19">https://twitter.com/iotatoken/status/1227638737862983681?s=19</a></p> <p>More info for Discord Users:</p> <blockquote> <p>Just to add, for all discord users and servers, that Discord Nitro allows you to impersonate anyone's name, color, and 4 digit ID. </p> <p>Do not trust people in DMs </p> <p>Disable DMs from server members (So they have to friend request you first) </p> <p>Talk to them in a server before accepting a DM or friend request. Scammers are less likely to talk in a public server </p> <p>In the public server, you can view the Roles associate with their account. If they are an official person, it should show them with some kind of staff role, not just 'verified' </p> <p>Do not ever download software from or send money to anyone contacting you via DM. No reputable group will ever contact you via DM for these things </p> <p>Do not accept support via DM</p> </blockquote> <p><strong>Update 20:50 UTC 2020/12/02:</strong></p> <ul> <li>IF is actively investigating the issue and considering all possible attack vectors.</li> <li>Only 6-7 victims have been identified so far. Some of them were KYC’ed.</li> <li>All victims had used desktop version of the Trinity wallet.</li> <li>Only one case on macOS, the rest were MS Windows.</li> <li>The attacks appear to have been conducted manually (no scripts involved).</li> <li>The funds were mixed.</li> <li>No mobile users have been affected so far.</li> <li>Those affected can DM Dave on Discord (just make sure it’s really him - Please note the comments on Discord security above).</li> <li>These are 2 of the transactions. One stealing 725 Gi and one 680 Gi: <ul> <li><a href="https://thetangle.org/transaction/VYWRYPQACQMNELEFNNVURHOHINSMTEXCBKCWBLBUMLRNHTJGG9CPKGXVLCCFVDJVYXD9HXBPMOLYZ9999">https://thetangle.org/transaction/VYWRYPQACQMNELEFNNVURHOHINSMTEXCBKCWBLBUMLRNHTJGG9CPKGXVLCCFVDJVYXD9HXBPMOLYZ9999</a></li> <li><a href="https://thetangle.org/transaction/QPKMAKHKQZLRJNJNFXPQBQQBESGNBGWSVUVRVPFGBFYOYEIWFNNDAXFLMQPJOFMCSUF9NVPTPHZA99999">https://thetangle.org/transaction/QPKMAKHKQZLRJNJNFXPQBQQBESGNBGWSVUVRVPFGBFYOYEIWFNNDAXFLMQPJOFMCSUF9NVPTPHZA99999</a></li> </ul></li> </ul> <p><strong>Update 13:50 UTC 2020/13/02:</strong></p> <ul> <li>They are up to 11 confirmed accounts now with missing funds</li> <li>They are still investigating the issue and the coordinator remains off (network is halted) for now</li> <li>They are still suggesting nobody opens the Trinity wallet on any operating system (Although as of now, the only affected OS's are Windows, Linux, and MacOS - no mobile users as of now)</li> <li>Keep in mind it's currently a challenge to check your wallets, as they are asking you not to open them.... so these numbers may grow</li> <li>Still no word on if it's a targeted phishing attack, or something more</li> <li>It appears no malware has been found on any victims computer yet</li> <li>There seems to be verified 5 Ti stolen at this point (I believe this equates to around $1,650,000 at today's price).</li> </ul> </div><!-- SC_ON --> Kind Regards R
<!-- SC_OFF --><div class="md"><p>EDIT: Please be careful of platforms moderated by the relevant teams; sometimes they will try to show only one side. It's important to check with others to help notice bias.</p> <p>​</p> <blockquote> <p>We are currently investigating a suspicious situation with Trinity, please do not open or use Trinity on Desktop until further notice.</p> </blockquote> <p>There seems to be some issues with actual missing funds here... but not much else is known yet. IOTA Foundation members asking folks to DM them if they are missing funds due to this:</p> <blockquote> <p>DM me if you are missing funds as well</p> </blockquote> <p>They currently have the coordinator paused (entire network paused) and are asking you to not open any Trinity wallet. I'll update if I figure out anything else. Please stay safe out there with your funds!</p> <p>IOTA Twitter Regarding Issue: <a href="https://twitter.com/iotatoken/status/1227638737862983681?s=19">https://twitter.com/iotatoken/status/1227638737862983681?s=19</a></p> <p>More info for Discord Users:</p> <blockquote> <p>Just to add, for all discord users and servers, that Discord Nitro allows you to impersonate anyone's name, color, and 4 digit ID. </p> <p>Do not trust people in DMs </p> <p>Disable DMs from server members (So they have to friend request you first) </p> <p>Talk to them in a server before accepting a DM or friend request. Scammers are less likely to talk in a public server </p> <p>In the public server, you can view the Roles associate with their account. If they are an official person, it should show them with some kind of staff role, not just 'verified' </p> <p>Do not ever download software from or send money to anyone contacting you via DM. No reputable group will ever contact you via DM for these things </p> <p>Do not accept support via DM</p> </blockquote> <p><strong>Update 20:50 UTC 2020/12/02:</strong></p> <ul> <li>IF is actively investigating the issue and considering all possible attack vectors.</li> <li>Only 6-7 victims have been identified so far. Some of them were KYC’ed.</li> <li>All victims had used desktop version of the Trinity wallet.</li> <li>Only one case on macOS, the rest were MS Windows.</li> <li>The attacks appear to have been conducted manually (no scripts involved).</li> <li>The funds were mixed.</li> <li>No mobile users have been affected so far.</li> <li>Those affected can DM Dave on Discord (just make sure it’s really him - Please note the comments on Discord security above).</li> <li>These are 2 of the transactions. One stealing 725 Gi and one 680 Gi: <ul> <li><a href="https://thetangle.org/transaction/VYWRYPQACQMNELEFNNVURHOHINSMTEXCBKCWBLBUMLRNHTJGG9CPKGXVLCCFVDJVYXD9HXBPMOLYZ9999">https://thetangle.org/transaction/VYWRYPQACQMNELEFNNVURHOHINSMTEXCBKCWBLBUMLRNHTJGG9CPKGXVLCCFVDJVYXD9HXBPMOLYZ9999</a></li> <li><a href="https://thetangle.org/transaction/QPKMAKHKQZLRJNJNFXPQBQQBESGNBGWSVUVRVPFGBFYOYEIWFNNDAXFLMQPJOFMCSUF9NVPTPHZA99999">https://thetangle.org/transaction/QPKMAKHKQZLRJNJNFXPQBQQBESGNBGWSVUVRVPFGBFYOYEIWFNNDAXFLMQPJOFMCSUF9NVPTPHZA99999</a></li> </ul></li> </ul> <p><strong>Update 13:50 UTC 2020/13/02:</strong></p> <ul> <li>They are up to 11 confirmed accounts now with missing funds</li> <li>They are still investigating the issue and the coordinator remains off (network is halted) for now</li> <li>They are still suggesting nobody opens the Trinity wallet on any operating system (Although as of now, the only affected OS's are Windows, Linux, and MacOS - no mobile users as of now)</li> <li>Keep in mind it's currently a challenge to check your wallets, as they are asking you not to open them.... so these numbers may grow</li> <li>Still no word on if it's a targeted phishing attack, or something more</li> <li>It appears no malware has been found on any victims computer yet</li> <li>There seems to be verified 5 Ti stolen at this point (I believe this equates to around $1,650,000 at today's price).</li> </ul> </div><!-- SC_ON --> Kind Regards R