CryptoPotato
CryptoPotato
  • Crypto News
  • Margin Trading
  • Guides
    • Bitcoin & Crypto Guides 101
    • Bitcoin For Beginners
    • Editorials
  • Fund
  • Buy
  • Language
  • Crypto News
  • Bitcoin For Beginners
  • Cryptocurrency Guides 101
  • Editorials
  • Bitcoin & Crypto Margin Trading
  • Bitcoin Price Analysis
  • CryptoPotato Crypto Fund
  • Ethereum (ETH) Price Analysis
  • Ripple (XRP) Price Analysis
  • Market Updates
  • Interviews
  • Buy Bitcoin with Card
  • bitcoin
    BTC$32,711.00
  • ethereum
    ETH$1,455.13
    • Market Updates
    • BTC Analysis
    • ETH Analysis
    • XRP Analysis
    • Interviews
    Home » Crypto News » IOTA’s Recent $2 Million Attack Leaves Open Questions To The Project’s Payment Processor MoonPay

    IOTA’s Recent $2 Million Attack Leaves Open Questions To The Project’s Payment Processor MoonPay

    Author: Danish Yasin

    Last Updated Feb 23, 2020 @ 13:11

    It has been almost two weeks since the Trinity wallet attack, which has seen IOTA’s transaction coordinator halted.

    The fiat on-ramp was exploited by a hacker who leveraged the vulnerability to access IOTA’s Trinity wallet software, which was integrated with MoonPay. From there, funds were stolen from Trinity wallet users, with total losses believed to total around $2 million.

    Until the IOTA Foundation announced that it had been forced to pause the network in the wake of the hack, MoonPay was a little-known payment processor working within the crypto economy to supply fiat on-ramps.

    It now finds itself thrust into the spotlight, but for all the wrong reasons. An investigation by the IOTA Foundation traced the source of the attack back to a MoonPay vulnerability that enabled the hacker to control the firm’s content distribution network.

    As the Foundation’s blog post deconstructing the attack explains, an “illicit version of Moonpay’s software development kit (SDK)” was “loaded automatically from Moonpay’s servers (their content delivery network) when a user opened Trinity.”

    IOTA: MoonPay Carries the Can for $2 Million Exploit

    Billing itself as “the new standard for fiat to crypto,” MoonPay profess to have been “made by developers for developers” and boasts of the quality of its API. While the IOTA Foundation notes that it was able to work with MoonPay to “investigate the cause of this hack and acquire the necessary information for the investigation,” it makes no bones about where the blame lies for the exploit, naming MoonPay 19 times during the first installment of its blog post into the incident.

    In a series of tweets sent on February 21, MoonPay detailed that it is “working closely with the IOTA Trinity team to continue its investigation of the security incident” and promised “We have retained top cybersecurity experts to assist in our discovery process. Once our investigation is complete, we will take further action as per GDPR and other regulatory requirements. A complete report with our learnings to follow.”

    While the minutiae of the attack are still being determined, the source of the exploit – MoonPay’s CDN – is not in doubt. The attack has caused alarm in cryptocurrency circles, not just on account of its size, but due to the way in which it was orchestrated.

    The MoonPay website features testimonials from Bitcoin.com and ZenGo attesting to the power of the company’s fiat-to-crypto gateway. There are now concerns, however, that a similar attack could be orchestrated against other cryptocurrency wallets in the same way.

    Caution Urged While Investigation Continues

    Crypto wallets are meant to be sandboxed from external threats, with on-chain activity occurring independently of that which takes place on traditional financial rails. The MoonPay attack shows that care is required when introducing fiat support to crypto wallets, so as not to introduce a possible attack vector.

    Other fiat-crypto gateways are known to deploy a different approach to wallet integration and enforce additional safeguards, meaning the MoonPay exploit is unlikely to be replicable elsewhere. Until MoonPay publishes a full post-mortem of how the attack went down – and the steps that have been taken to prevent a repeat – crypto companies will be cautious about utilizing the tiny payment processor.

    Enjoy reading? Please share:
    Facebook Twitter LinkedIn Telegram
    SPECIAL OFFER (Sponsored)
    Binance Futures 50 USDT FREE Voucher: Use this link to register & get 10% off fees and 50 USDT when trading 500 USDT (limited offer).

    PrimeXBT Special Offer: Use this link to register & enter CRYPTOPOTATO35 code to get 35% free bonus on any deposit up to 1 BTC.

    You Might Also Like:

    • hack_attack
      Breaking: DeFi Protocol Harvest Finance Attack Targeting Liquidity Pools
    • hackers_cover
      2020 Presidential Election Structure in Georgia Hit With a Ransomeware Attack
    • justin_sun_cover
      TRON's Justin Sun Reveals An Unsuccessful Attack On The Network, All Funds Are SAFU
    Read more on: Hacking IOTA

    About The Author

    Danish Yasin View more posts by this author

    A freelance writer with more than three years of experience and can write research papers, blogs and web articles. An aspiring Computer Scientist and technology enthusiast. Contact Danish: LinkedIn

  • bitcoin
    BTC$32,711.00
  • ethereum
    ETH$1,455.13
  • Join Our Community

    FacebookTwitter YouTubeTelegram


    ADVERTISEMENT
    binance
    ADVERTISEMENT
    bitmart
    Bitcoin Editorials
    Will Bitcoin Price Rally Continue In 2021? 8 Key Considerations

    Will Bitcoin Price Rally Continue In 2021? 8 Key Considerations

    Ethereum 2.0 Staking on Exchange vs. Creating Your Node: What You Need to Know

    Ethereum 2.0 Staking on Exchange vs. Creating Your Node: What You Need to Know

    5 Possible Reasons For Bitcoin’s Price Surge Over $30,000

    5 Possible Reasons For Bitcoin’s Price Surge Over $30,000

    2020 Year In Review: Bitcoin’s Journey From $3800 To Nearly $30K

    2020 Year In Review: Bitcoin’s Journey From $3800 To Nearly $30K

    6 Reasons For The Ongoing Bitcoin Bull-Run Beyond $20K

    6 Reasons For The Ongoing Bitcoin Bull-Run Beyond $20K

    Join Our Newsletter
    Become a CryptoPotato VIP
    One Weekly Email Can Change Your Crypto Life.
    Sign-up FREE to receive our extended weekly market update and coin analysis report
    We NEVER send spam. You can unsubscribe at any time.
    Invalid email address
    Thanks for subscribing!
    About
    Advertise on CryptoPotato
    About Us | Contact Us

    Terms of service | Privacy Policy | GDPR
    More Sections
    IEO List | Evaluations
    Airdrops
    Scholarship
    Cannabis Stocks News | Market Analysis
    Disclaimer
    Disclaimer: Information found on CryptoPotato is those of writers quoted. It does not represent the opinions of CryptoPotato on whether to buy, sell, or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk. Full disclaimer
    © Copyright CryptoPotato 2016 - 2021
    Scroll to top
    One Weekly Email Can Change Your Crypto Life.

    Sign-up FREE to receive our extended weekly market update and coin analysis report

    We never send SPAM. You can unsubscribe at any moment
    Invalid email address
    Thanks for subscribing!