Yesterday, on June 13th, IOTA was listed on Bitfinex and shortly after, it showed up as the 7th largest cryptocurrency by market capitalization on coinmarketcap.com at US$1.5bn.

Bitfinex gave the following motivation for the listing:

This correlates well with the information presented on IOTA’s website. If these claims are proven to be true, IOTA would perhaps be the most interesting innovation to ever emerge from this space.

This post will not go into extreme detail about how IOTA works or what a DAG is, since there are plenty of other resources online (website, whitepaper, GitHub). Instead, here’s an extremely short and simplified version:

The IOTA ledger is constructed as a tree, where the root node (“node” here simply refers to a position in the tree and has nothing to do with network nodes) is the equivalent of the “genesis block”, and every subsequent transaction creates a new node in the tree. From the genesis node, all iotas that will ever be created were distributed to a group of addresses participating in the original ICO in 2015. For a person to extend this tree, his transaction must point to two randomly chosen previous transactions in the tree, and include a tiny Proof-of-Work hash. This creates an ever-growing tree representing the ledger.

The “Tangle” (DAG): Each node represents a new transaction.

When he has selected the two previous transactions, he also verifies them by making sure they also include the required Proof-of-Work and that they neither directly nor indirectly extend what would constitute a double-spending transaction in the tree.

To choose which branch of the tree to extend upon, he follows a specific MCMC-based algorithm, and as long as the majority of the other users follow the same algorithm, the tree will grow in the same direction as a result. This direction is then secured over time through the extension of more tiny Proofs-of-Work added by each new transaction. Further, the system only provides any security guarantees in the case that an attacker does not amass more than 33% of the hashpower of the network.

The problem

The problem comes down to this: at the current stage, an attacker could very easily amass 33% of the hashpower of the network, because hashing only happens at the instants when new transactions are being added to the tree, and is completed in a second using a normal laptop.

I was unable to find any information on how IOTA resolves this seemingly disturbing security issue on their website or in their whitepaper, but I did find the following information in two non-affiliated blogs (1, 2) after a lot of searching:

Milestones: Milestone is a special transaction issued by a special node called Coordinator. The Coordinator is run by Iota Foundation, its main purpose is to protect the network until it grows strong enough to sustain against a large scale attack from those who own GPUs. Milestones set general direction for the tangle growth and do some kind of checkpointing. Transactions (in)directly referenced by milestones are considered as confirmed.

To make sure, I confirmed this with one of their devs on Slack:

This means that IOTA in its current form does not provide any censorship resistance, since the path of the tree is centrally directed through a Coordinator node run by the IOTA Foundation. As such, IOTA is no more decentralized than an Apache Kafka cluster, or Ripple and their Unique Node List. (EDIT: This also opens up IOTA to double-spend attacks from the Coordinator itself, which I submitted an issue about. The issue was closed with no response. 3 months later, I got the explanation from an IOTA co-founder that such an attack would be “not rational”, albeit indeed possible.)
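The confirmation rule quoted above ("transactions (in)directly referenced by milestones are considered as confirmed") can be modelled in a few lines. This is an added example, not code from the original post or from IOTA; the transaction names, the `CONFLICTS` list and the use of an approver count as a stand-in for accumulated Proof-of-Work are assumptions, and tip selection (MCMC) is not modelled.

```python
from collections import deque

# Constructed toy tangle (not IOTA's data format): tx -> the two transactions it approves.
TANGLE = {
    "genesis": (),
    "a": ("genesis", "genesis"),
    "b": ("genesis", "a"),
    "spend_1": ("a", "b"),   # spends some output
    "spend_2": ("a", "b"),   # conflicting spend of the same output
    "c": ("spend_1", "b"),
    "d": ("spend_1", "c"),
    "e": ("c", "d"),
    "f": ("spend_2", "b"),
}
CONFLICTS = [{"spend_1", "spend_2"}]  # hypothetical list of mutually exclusive spends


def history(tangle, tx):
    """Return tx plus everything it directly or indirectly approves."""
    seen, queue = {tx}, deque([tx])
    while queue:
        for parent in tangle[queue.popleft()]:
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return seen


def approvers(tangle, tx):
    """Count transactions whose history contains tx (stand-in for accumulated PoW)."""
    return sum(1 for other in tangle if other != tx and tx in history(tangle, other))


def is_consistent(tangle, parents, conflicts=CONFLICTS):
    """Check from the text: the chosen parents must not extend a double spend."""
    past = set().union(*(history(tangle, p) for p in parents))
    return not any(pair <= past for pair in conflicts)


def confirmed_by(tangle, milestone_parents):
    """Set of transactions confirmed by a milestone that approves these parents."""
    if not is_consistent(tangle, milestone_parents):
        raise ValueError("milestone would approve both sides of a conflict")
    return set().union(*(history(tangle, p) for p in milestone_parents))
```

In this model `spend_1` has three approvers and `spend_2` has one, yet which of the two ends up confirmed depends only on which branch the milestone references, which is the trust assumption a user of the network needs to be aware of.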

I would argue that this is crucial information a user needs to know, yet I have no idea how the average person is intended to learn about this, since it’s nowhere to be found in the IOTA whitepaper or on their website. (EDIT: Since this article was written, IOTA published a post regarding this matter here. I responded to their post here.)

Furthermore, even if the Coordinator is planned to become optional someday, we currently have no way to verify that the technology will ever actually work safely without it, and thus, the spectacular claims by IOTA remain nothing more than ambitious theory.

Final note: Please read the comments to this Medium post, as they cover a long discussion between me and IOTA Founders David Sønstebø and Sergey Ivancheglo.