The IOTA Foundation, the non-profit organization behind the IOTA network, has turned off the Coordinator node that it controls and is responsible for validating individual transactions on it, amid reports $1.6 million worth of IOTA were stolen.

The Germany-based organization has announced it turned off the Coordinator node amid an ongoing investigation into the theft, which appears to be related to its Trinity wallet software. The Coordinator node was paused to ensure “no further theft can occur” until the root cause of the problem is found.

Currently, #IOTA is working with law enforcement and cybersecurity experts to investigate a coordinated attack, resulting in stolen funds. To protect users, we have paused the Coordinator and advise users not to open Trinity until further notice. Updates: https://t.co/ME3Cvki3k9 — IOTA (@iotatoken) February 13, 2020

In a status page monitoring the IOTA network, the Foundation notes that “several cyber forensic experts have joined the investigation” and that cryptocurrency exchanges that responded to it reported no monitored funds have been transferred or cashed out.

The IOTA Foundation adds that so far most evidence “is pointing towards seed theft, cause still unknown and under investigation.” Users that identified with the IOTA Foundation all seemed to be using the Trinity wallet. While a bug in it appears to be the root cause of the problem, the organization noted other scenarios can’t yet be ruled out.

Users tracking the situation on social media noted that $1.6 million worth of IOTA were stolen before the network was put on hold.

About $1.6 Million USD worth of #iota have been stolen from ~10 high-value accounts. Bug is likely in the (official) desktop wallet. Network completely stopped for nearly 24 hours now.#IOTAstrong just keeps on giving. pic.twitter.com/CMwyRRtYy0 — 00xou (@00xou) February 13, 2020

Before detailing what’s been going on, the IOTA Foundation asked users to “not open or use Trinity on Desktop until further notice,” which seems to imply there was a vulnerability being exploited on the wallet.

Featured image via Pixabay.