How people using a seed generator site got scammed

Written By Sanjir Habib On Jan-29th, 2018


What actually happened was a lot of unfortunate users were generating their unique seed (which is what you derive your password from) from a false website, a phishing website. It was meticulously crafted in such a way that it ended up being at the top of a Google search for IOTA seed generator, it was the first thing listed in the ads…So, this malicious actor essentially had people go there, and he/she created a website that looked very legitimate to new users. Therefore, they trusted it, and generated a seed there. That essentially means that they gave away their private key to a thief. It’s equivalent to giving your keys to someone as you go into a store, and then coming back out to find that your car is gone.

Ars Technica - Mon 29-Jan-2018 6:56 AM

Two new cryptocurrency heists make off with over $400M worth of blockchange

Coincheck sincerely apologizes for the inconvenience.

And technical desection of the code in question.

Thatoddmailbox - Mon 29-Jan-2018 6:56 AM

["How a malicious seed generation website stole $4 million | Alex Studer"]