New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

My IOTA disappointment and a warning to others #734

Closed
UnitTwopointZero opened this Issue Dec 12, 2017 · 19 comments

Comments

Projects
None yet
@UnitTwopointZero
Copy link

UnitTwopointZero commented Dec 12, 2017

Not sure if this is the right forum for this. Apologies if it isn't
I should also mention that I'm not a computer noob. I'm also not new to Cryptos, though I am new to IOTA.
After doing a bit of reading, I have to say that I had high hopes for it.
So I dived in and bought some on Bitfinex.
I then moved my purchased IOTA from the exchange and onto a wallet, as is the prudent thing to do when dealing with Cryptos. I initially chose the Android Wallet.
The transferred a small amount out of Bitfinex to test. This went smoothly enough and the balance showed in my wallet. So I transferred the rest into the Android wallet. Again, all relatively smooth.

The problems started when about 2 weeks later, I decided to transfer some IOTA back to the exchange to sell. I found the wallet to be quite unusable as it would take a long time to display the balance, there was a loading time between selecting each option. When I finally managed to send a transaction I found that getting it out of the wallet was not as smooth as getting it in. The transaction sat "pending" for days.

So I started doing a bit of digging and found that this seemed to be a common issue with the main advice being along the lines of: Re-broadcast / re-attach to tangle.

So I did that. Several times. It took a couple of days, but it finally got transferred to the exchange.
That it needed constant manual intervention to make the transaction stick was a concern to me.
So I decided to move the rest of my IOTA onto the exchange while I decide what to do next.

The second transfer though just would not move past pending status. No matter how much I did "Replay bundle".
At that point I thought that maybe the Desktop Light Wallet might be a better option than the Android Wallet (which is in beta).

So I downloaded the Light Wallet and logged in with the seed. The Light Wallet experience was no better.
I could see my balance, but the transactions would not move past pending. I re-broadcast and I re-attached... I did this every couple of hours as per advice online. Still no joy. By this point my transaction history had 10 or so pending transactions.

I went through the Light Wallet help menus. No solution there. The help menus lead me to the IOTA forum. No solution there. Just the same re-broadcast / Re-attach advice.
At this point my ability to login to my wallet was becoming more hit and miss since most of the time, the public nodes would just time out or give me connection refused errors. This frustration went on for about a week, during which, I tried different internet connections, re-installation of the wallet and even installed the wallet on another computer. The problem persisted.

I went back through the Light Wallet help menus in desperation. The led me to github, where i found numerous posts from people having the same issue.

I came across a couple of posts mentioning resolution to the issue via a site called "IOTASALAD". Which was basically a list of nodes that could be used in the Light Wallet.
Initially, I was a bit suspicious and there was a warning light in the back of my head, but since by this point I was barely able to connect to other nodes, frustration won over the warnings in my head.

So I tried one of the suggested nodes there. It took a while to log back into my wallet but at least it wasn't timing out (yet). I left my computer and when I came back found that it had logged in.
Finally! Momentary joy!
I then notice that my balance is ZERO, and I initially think my transaction is finally confirmed and balance has been transferred back to the exchange!".
Then I check the transaction history and notice over 400 new transactions have appeared. Hmmmm.. This doesn't seem right. I check the address they're going to and find that it is not mine! I scroll through the hundreds of pending transactions that I did not do and find 1 which is confirmed.
It only takes one transaction to confirm and just like that, you're over over $6000 out of pocket. Yes, that's how much appears to have been stolen from me!

I have only ever entered my seed in the Android wallet and the Light wallet. I work in the IT industry and know full well how to secure my device(s). If my devices were compromised, I would have lost other cryptos as well.
So I am still unsure as to what happened exactly. However, the 400+ transactions which I definitely did not do, are all time stamped in the 30 mins or so right after I used the "IOTASALAD" nodes. So at this stage, until I have new information, my assumption is that those nodes are malicious and have somehow hijacked my wallet seed. Is this possible? If so, how is it that someone can just setup their own node and steal people's money? Surely this would be a very obvious security hole which would increase exponentially as IOTA grows??

At this point, it seems I can't login at all using my seed. Neither on the Desktop Wallet nor the Android wallet.

Overall, very upset, very disappointed. Will be sure to give IOTA a wide berth from here on.

@chus3r

This comment has been minimized.

Copy link

chus3r commented Dec 12, 2017

@UnitTwopointZero This isn't really the right spot, you might have better luck in the official forum. https://forum.iota.org/c/general

Or you might try https://forum.helloiota.com.

Github is an issue tracker for the wallet software. This isn't really something the developers can do anything about as their focus is on the wallet, not the broader issues with IOTA.

@UnitTwopointZero

This comment has been minimized.

Copy link

UnitTwopointZero commented Dec 12, 2017

ok. Thank you for your response.

@elvis1965isik

This comment has been minimized.

Copy link

elvis1965isik commented Dec 13, 2017

I had the same issue but always kept using the nodes who are recomended by iota, after a few times it confirmed the transaction,,, but it never arrived in my bitfinex wallet its more than 30 days ago>>> still nothing in my wallet

https://iotasear.ch/address/MKBLUHTSJEMVUUXSOAEBLPUDNJZFNGFXPVBJL9DGQUTRLZLZTXVZWHUMNHBNZZSURMJWKXWTUIRRKC9EBIE9PLRWUW

@snickers1979

This comment has been minimized.

Copy link

snickers1979 commented Dec 14, 2017

I also sent 8 MI left 3 day ago still pending . IOTA- Poor raw project , I week ago somebody stolen 2600 Mi from my wallet , 8 MI left as tips, I did not sleep for2 nights , seaching who can help me , nobody . NO SUPPORT ! I 'm disappointed. My advise to you , never send money to the wallet , their wallet seems to be a scam .The bestway now is to keep them on different exchenges , but use max security for withdraw

@maxhq

This comment has been minimized.

Copy link

maxhq commented Dec 15, 2017

@UnitTwopointZero Could you please close this issue?

@UnitTwopointZero

This comment has been minimized.

Copy link

UnitTwopointZero commented Dec 16, 2017

Closing issue, even though i am unfortunately still several thousand dollars poorer.. :(

@LITTLEDINKY01

This comment has been minimized.

Copy link

LITTLEDINKY01 commented Dec 21, 2017

FUD....

@cyrille-kabadjeu

This comment has been minimized.

Copy link

cyrille-kabadjeu commented Dec 22, 2017

I am having the same issue and it's been 4 days now! Transfered 2000 MIOTA from light wallet to bitfinex, the transaction got confirmed but it's doesn't show on bitfinex!
https://iotasear.ch/hash/HNSPLBEYRIIORAMZXVUIQOXRACCLEHR9UPTVVPUDNXBAIWEAPCDXOIMMNTPNQZFFLZDXMHRTRIXTTOSSXFXJWRSGG9
My MIOTA went in and straight out of my address! I opened a Bitfinex Support Ticket but nothing so far!
So many people are having the same issue I start to think that Bitfinex IOTA wallets are being hacked or there is a big hack going on in the IOTA tangle!
IOTA Team and Bitfinex really need to look into it!

@martingou59

This comment has been minimized.

Copy link

martingou59 commented Dec 24, 2017

hello i lost 62 iota the walet don't work
i can see out transaction with all my iota
iotasalad and cie it's scam

@jasonkyc

This comment has been minimized.

Copy link

jasonkyc commented Jan 19, 2018

my IOTA in light wallet was transferred without knowing by today 700+ Iota where they goes??!!

@lambtho12

This comment has been minimized.

Copy link

lambtho12 commented Jan 26, 2018

Hi, few things here.
The long pending time was due to the utilization of the default public nodes. These are often the target of DDoS attacks and are down from time to time. Also, the rebroadcast function was not really useful in your case, but it did not cause any harm tho. Only the reattach function is useful for speeding up the confirmation process.

When you use the wallets, the seed never leave the wallet, only the addresses and the signatures are communicated to the nodes. So there is no way that a "malicious node" would have stolen your seed. Also iotasalad nodes are known to be legit I think.

My guess would be that you generated the seed using a compromised online seed generator (iotaseed .io for instance, that is responsible of the main theft of last week), or a poor RNG to generate it on a computer (for instance, it was shown the matlab RNG always obeys the same rules, and therefore is not random).

Maybe you should reach out the IOTA discord community. There is a channel help where people may see with you in depth what went wrong.

@elvis1965isik

This comment has been minimized.

Copy link

elvis1965isik commented Jan 26, 2018

@lambtho12

This comment has been minimized.

Copy link

lambtho12 commented Jan 26, 2018

elvis1965isik >
This seems like a bitfinex problem then. Two things come to my mind :

  1. You mistyped the address and sent IOTAs to a wrong one. In that case they are lost. (Or you had a malware on your computer that changed the address when you copy/paste it)
  2. You sent IOTA to an addresse you already used once on bitfinex. As it is clearly stated on their website, you MUST generate a new receiving address for each incoming transactions, otherwise funds will be lost.

If it's not any of these two, then it is clearly a problem on their side and the IOTA community could not be of any help here. Try reaching them on social networks or something, maybe it will go faster.

I wish you luck and hope this help you a bit more in your researches.

@elvis1965isik

This comment has been minimized.

Copy link

elvis1965isik commented Jan 26, 2018

@UnitTwopointZero

This comment has been minimized.

Copy link

UnitTwopointZero commented Jan 30, 2018

@lambtho12
My "malicious node" comment was me clutching at straws as I couldn't see how else this could have happened. As i said, I'm not a newbie in the crypto space so I know the risks as well as the Do's and Dont's for protecting myself.

The seed I used was generated using the Android wallet. So that would rule out a compromised online seed generator?
So I'm still none the wiser as to how my money was taken from under my nose and unless the discord community was going to somehow reverse that theft transaction, then there's really no point reaching out and as far as I'm aware, transactions are not reversible.

Once bitten, twice shy and all that... I'll keep clear of IOTA.
There is plenty of opportunity in other cryptos that aren't so easily damaged by hacks or DDoS attacks.

Appreciate you taking the time to reply though.

@cryptotom77

This comment has been minimized.

Copy link

cryptotom77 commented May 8, 2018

Hi

Similar things happened to me. I lost over 6 Gi, equivalent to $15k.

I was on vacation for 6 weeks and put my computer in a safety deposit box. I returned on Monday, Apri 2nd. I did not open my Iota wallet until Saturday, April 7. When I did, all my Iotas were gone. I reattached my wallet to tangle numerous times. Finally a transaction appeared which transferred all my Iotas to a different address. Below is the link to the transaction.
https://thetangle.org/transaction/UYIFGOSQIUU9PAMWWNLOAQOPGSWMKKTVVDCM9SXUPYQSHVDGKARJHQDJZPDPOROGLQTBOBLMMLKUA9999

I have no idea how this could have happened. I have at least 10 different wallets on my computer for 10 different crypto currencies. All passwords are stored in my password tool LastPass, which is in turn protected by 2 factor authentication using Google authenticator. NONE of my other crypto was touched, only Iota.​​​​​​

I did not generate my seed using an online key generator. I used a 13 letter phrase and number 9.​ I then copied that combination 5 times to generate my seed.

This project is a joke.

@lambtho12

This comment has been minimized.

Copy link

lambtho12 commented May 8, 2018

@cryptotom77
not sure what went wrong, but it's clearly a typical example of someone gaining access to your seed somehow as all addresses were emptied in one single bundle.

Maybe because it was not random and someone found your 13 letter phrase (while your other crypto private keys are truly random), idk.

Anyway, stating the project is a joke when you clearly state that you did not follow the simple rule for seed generation (81 random char) is a bit hypocritical IMO.
You should go to the official discord and have a chat with people in help channel, maybe someone will be able to find what went wrong with your seed.

@cryptotom77

This comment has been minimized.

Copy link

cryptotom77 commented May 8, 2018

I did reach out. No help there.

@cryptotom77

This comment has been minimized.

Copy link

cryptotom77 commented May 8, 2018

The project IS a joke. It should not see the light of day for at least a couple of years - obnoxious and rude team, threatening MIT scholars, posting rude remarks on Medium, wallet is a disaster, seed generator non existent, balance finder is a list of Linux commands, and these people are advertising themselves as Ethereum killers, technology of the future or the next big thing? Please. It's like cell phones in the 90s. They were bricks, clunky and ridiculous, pretty much the state of Iota today. Maybe in 10 years we can come back to this project. But for now I will spread far and wide how useless it is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment