An important update to our community and partners

Background on the reclaim process — the bundle bug

As most members of the IOTA Community know, in October of 2017 a bug was found in the early normalization code for IOTA transaction signature bundles. The details are highly technical, but the intrepid may check out Eric Hop’s excellent blog post on the IOTA signing process to fully understand them. For the less technically-minded, the upshot is that the bug put the IOTA tokens of certain users at risk by revealing a portion of the private key generated for specific addresses. This would have made it easier for attackers to brute-force the remainder of those addresses’ private keys and thereby steal the tokens.

The IOTA open source community quickly came together to develop a patch for this bug. Over the course of three days, the coordinator was shut down (to make it more difficult for any brute force attacks to be confirmed), a patch was deployed, and the community of full node operators reached a consensus to carry out an emergency snapshot to prevent the loss of any user tokens.

In the current version of the Tangle’s deployment, snapshots are carried out on a periodic basis to prune the ledger and make it faster by removing all zero-balance addresses. (A general explanation of snapshots in IOTA can be found on the Hello IOTA Forum.) In this case, however, the community took the unprecedented decision to carry out a snapshot that would essentially wipe out the effects of the bug by sweeping the at-risk tokens to new, safe addresses from which they could be returned to the original owners via a reclaim process.

It is important to stress that this step was not taken lightly and was not carried out by any single individual or organization. Rather, the idea was proposed and debated by the community of IOTA developers and then put to a vote by the entire network of IOTA full-node operators worldwide. Motivated by the belief that rescuing the at-risk tokens was the right thing to do, the full node operators — some of whom remain anonymous — unanimously opted to validate the snapshot and rescue the at-risk tokens. The rescued tokens were then made subject to a reclaim process which was announced in an IOTA blog post on 25 October 2017. A further update on the reclaim process was then provided on 9 November 2017.

Many users have already received their tokens back through the reclaim process, while others are still waiting (more on that in a minute!).

The double reclaim problem: why some reclaims need to go through identity verification

The fact that IOTA is a public, permissionless distributed ledger means that users can create wallets, obtain IOTA tokens, and send and receive transactions via the Tangle without ever having to notify or share their personal details with anyone. Permissionless innovation is one of the core features of IOTA’s design. It is a bedrock commitment which the IOTA community shares in common with many of the leading open source projects in the blockchain and distributed ledger space. For this reason, neither the IOTA Foundation nor anyone else who contributes to or uses IOTA has any way of knowing — on the basis of the protocol alone — who owns which individual IOTA addresses.

This privacy-by-default design fosters permissionless innovation within the IOTA Ecosystem, and this is something we are very proud of. But it also poses special challenges when it comes to completing the token reclaim process. In certain cases (around 200), more than one person submitted a reclaim for the same IOTA address. This may have happened inadvertently. For example, a user attempting to reclaim his or her tokens might have submitted a reclaim request asking to have the tokens sent to new Address A, then later submitted a second reclaim request asking to have the same tokens sent to new Address B. Perhaps the user did this because s/he had meanwhile used Address A for something else (and everyone knows you should never use an IOTA address more than once!). Or perhaps the user wasn’t sure if the first request had successfully been recorded, so s/he submitted a second one out of an abundance of caution. Our working assumption is that many of the double reclaims amount to simple innocent mistakes of this sort.

We cannot rule out, however, that some duplicate reclaims might represent attempts by thieves to steal the tokens of other legitimate users. Since the bundle bug revealed portions of the affected users’ private keys, it is theoretically possible that a savvy hacker might have been able to brute-force the remainder of a private key and submit a reclaim for someone else’s tokens. Unfortunately, without obtaining the further information detailed below, it is not possible to determine who, among two or more claimants who have proven that they know the affected wallet’s private key, is the legitimate owner of the tokens.

For this reason, the IOTA Foundation has contracted third-party vendor IDnow to perform identity verifications on the wallet owners. This will help us determine the valid owner in each disputed reclaim and return the tokens to their rightful owners.