Cryptographic vulnerabilities in IOTA – Neha Narula – Medium

Last month, Ethan Heilman, Tadge Dryja, Madars Virza, and I took a look at IOTA, currently the 8th largest cryptocurrency with a $1.9B market cap. In its repositories on GitHub, we found a serious vulnerability — the IOTA developers had written their own hash function, Curl, and it produced collisions (when different inputs hash to the same output). Once we developed our attack, we could find collisions using commodity hardware within just a few minutes, and forge signatures on IOTA payments. We informed the IOTA developers, they patched their system, and we wrote a vulnerability report. The current version of IOTA does not have the vulnerabilities we found, but there’s more to be said about how this happened and what’s going on with cryptocurrencies right now.


Want to receive more content like this in your inbox?