SlowMist: Analysis and Security Suggestions for the IOTA Major Coin Stolen Incident

  1. Third parties can be evil, by default, they are not supposed to be trusted. In the process of software security development, must be alert to the dependencies on the third-party, including third-party components and third-party JavaScript links.
  2. Third-party CDN / WAF services such as Cloudflare are excellent and powerful, but if users do not securely manage their account permissions, their Web services will encounter perfect man-in-the-middle attacks
  3. A fatal flaw in the official wallet of the public chain may bring down a public chain. While on-chain security is concerned, off-chain security cannot be ignored. They are a whole, which is why we are concerned about the blockchain ecological security, Not just the on-chain security of the blockchain itself
  4. As a user of IOTA’s official wallet Trinity, follow the official instructions to complete the security hardening work as soon as possible, not much to say about this.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.