IOTA Reclaim Tool: How to use it

The affected addresses, and the users from the previous snapshot (transition period + key re-use) will be able to begin the recovery process in this wallet version. This process will be completed via the wallet v2.5.2 that can be found here:

Affected Users: Only those who from the previous transition period and the key re-use

In this version, the user will be publishing a proof of ownership of their seed to the Tangle. After successfully completing the reclaim process (once your transaction gets confirmed), make sure to keep your old and new seed safe, as you will need it for stage 2 which will go live next week with the new wallet release.

Affected Addresses

While the team is taking the time to fully analyze the attack, we have taken precautionary measures to safeguard funds residing at specific addresses to an IOTA Foundation controlled address, so that the previous owners can easily recover their tokens without the attacker being able to sweep them first.

In this release users are forced to regenerate their balances by attaching addresses to the Tangle. The new GUI wallet is currently being prepared for a public beta that will begin for mobile as soon as we have sufficient confidence in its readiness. We will keep users informed of the status via this Blog and Twitter.

Bugs can happen

It is an inevitability of any software, especially an ambitious project working on the cutting edge of a new sector, to have bugs in release software. The industry average of bugs is about 15–50 errors per 1000 lines of published code. (Source). In the Distributed Ledger space, we have seen this repeatedly in all Blockchain projects, including major ones such as Bitcoin and Ethereum. A few prominent examples include the time a bug enabled the creation of billions of new Bitcoins and the Geth bug that was fortunately discovered 2 days before Ethereum’s recent hardfork. Or the now infamous TheDAO.

IOTA is a young technology. Therefore bugs of varying degrees are inevitable as it matures. As always, prevention is better than treatment, which is why we are introducing more and better commit and security audit processes internally and are starting to engage more independent security audit firms for some of our security critical releases (Masked Authenticated Messaging and the Tumbling Service to name a few).

The Case for the Coordinator

As many of you know, IOTA currently utilizes a coordinator that helps to protect the network against certain attacks during this initial bootstrapping phase. The coordinator’s role is a rather simple one: create milestones that reference the valid sub-tangle without creating ledger inconsistencies and then allow the network to validate these milestones. As such, the coordinator plays a crucial role in assisting the network with the confirmation of transactions.

In extraordinary cases, we make the decision to shut down the coordinator and prevent a bug in the software to cause any damage on the network. This was the case in the present situation, where an attack related to the key re-use issue from the previous snapshot was continued. As a precautionary measure to protect users from losing their funds, we alerted the exchanges to stop withdrawals and deposits while we were investigating the situation.

We will write a more detailed post about the Coordinator and its role in IOTA, Economic Clustering (based on https://en.bitcoin.it/wiki/Economic_majority) and the future of IOTA without a Coordinator. The coordinator code will also be open sourced as part of the official setup of the IOTA Foundation. More details on this and other aspects of the Foundation’s evolving governance model and strategic areas of focus will be provided in the coming weeks.