+x

 

miota - 20 Jan 2018

use this dice roll method: https://i.redd.it/1ob6f3wagp601.jpg

Have 3 dices and roll them. If the first dice shows 1 or 2, go to left in the second row, if 3 or 4 go to middle, if 5 or 6, go to the right.
If the second dice shows 1 or 2, go to the left in the third row, if 3 or 4 go the middle, if 5 or 6 go to the right.
Then do the same with the third dice: if it shows 1 or 2, go the left in the fourth row containing letters on the left, if 3 or 4 go the middle, if 5 or 6 go to the right.
For example rolling 3, 2, 5 would yield L, then rolling 6, 1, 4 would yield T, etc.

I forgot to mention that you should use quality dices, cheap Chinese dices may favor the lighter side (eg. number 6 as it has 6 holes that makes it lighter).
Also it is best to use dices of 3 different color and always read eg. red dice's number first, green dice's number second and white dice's number third. This is because if all dices are of the same color and look like the same, a human may be tempted to read for example the dice with the lowest number first. And this would cause the seed to contain a lot more letters from the first one third of the alphabet than the rest. It is simply amazing in how many ways a human can ruin a random number generator...

Also what most people forgot when generating a seed is that this seed is very much different from using a password. In most systems passwords cannot be brute forced, because the system locks the user should it try to guess too many times in a row. However in case of IOTA addresses, one can easily see online which address contains a huge amount of IOTAs and try to attack that using brute force. This brute force attack can be done completely offline, the attacker does not have to be connected to the internet. When a bad seed is used the attacker may succeed. When a compromised seed generator was used, for example one which stores all generated seeds it is just a matter of seconds for an attacker to find out which IOTA public address that seed belongs to.

When a truly random seed is used, however, brute force is not much of a problem, because the seed space is so big that it is highly unlikely one is able to ever succeed. There are 81 characters in the seed, and each character can be of 27 different values (A-Z, 9). That makes 27^81, that is twenty-seven to the power of eighty-one different seeds. That is 8 followed by 115 zeros. Just to compare, currently it is believed that the are about 10^82 (1 followed by 82 zeros) atoms in the whole currently observable universe.

An unbelievably lot of trials are needed to find the seed if it was truly randomly generated. Most commonly used x86-64 based hardwares can perform SHA-3 at about 12.6 clock cycles per byte (cpb). Since IOTA uses 384-bit (48 byte) SHA-3 function that makes it about 605 cycles to complete a hash operation, that is one trial of 27^81 space. If the hardware runs at 3.2 GHz, there are 3200000000 cycles per second, so in one second 3200000000/605 = 5.3 million trials can be made. While that may sound a lot, that is only 5 followed by 6 zeros trials in a second. To cycle through all possible variations, it would take 27^81 / 5.3 * 10^6, or between 10^108 and 10^109 seconds. In a year there are 31536000 seconds, that is around 3 * 10^7, so it would take between 10^101 and 10^102 years to complete all possibilties. That is 1 followed by 101 or 102 zeros. Note that the Earth is only 4.54 billion years old (4.54 * 10^9), so it would take about 10^92 to 10^93 Earth ages to succeed.

Of course an adversary may want to use more than a single computer, so let's say it has access to a botnet of 100 billion (10^11) computers. Note that there are currently much less computers on the whole planet, but let's suppose in the age of IoT (internet of things) there will be that much, and the attacker manages to take control over all of them. Even if using that much computing power it would take between 10^90 and 10^91 years to succeed. That is still much (and I really mean MUCH) longer time than the Earth's age. But by then our Sun will have long become a red giant and the whole Earth will have been destroyed anyways at around 5* 10^9 years from now.

So to summarize if one uses a truly random seed, like the one you can make with the help of 3 dices of different color, and you keep your seed safe and never share it with anyone, you should have no worries of any IOTA theft ever. Even with all computing power available on Earth, nobody could steal your funds, at least not before all planets in our solar system are vaporized.

Thieves succeed only because they use the weakest link in the chain to break it. And unfortunately the weakest link is always the people themselves. When it comes to money, never trust third parties, never share your seed and make sure you keep it safe.

Also you may want to distribute money into multiple wallets using different, that were generated using different truly random seeds. That way your wallet (remember: whose balance is public to anyone!) will be less likely a target of attackers in the first place.

hi 
I dont know if I have to forget this; I realize that I lost all of IOTA about  17GI  out of my wallet today. Trying to log in and recover my balance I was so romantic that I thought it was matter of time.
But as I went to talk to people on cryptocompare iota forum, I realized all of them lost.
I have everything kind of record. I am wondering if having help?
KH

hi mine is showing still pending. but I am not that techy what can I do ?

3 Gi
BJFVIGKFWNJWSWSNZERCXAOGWDAKZGHLSATKVCMKPOO9ZOPQKRASJDBTNZEZGTWHLBFNPAWMKUD9CKTZ9

I lost mine! Showing confirmed and happened on 18th jan to this address JMFSOIUAZHLQXSFNEQGDHRSSNTTHOXFRCUWU9ZNMUHCFGDLZQSGNEXGWNKXQKUCCOIIOHR9WJXDRBFSCCO9RMGJCUD

+x

 

Winston - 19 Jan 2018

To everyone posting with stolen balances:

You have all likely used malicious online seed generators when generating your seed. It looks like the owner of that website(s) decided to steal all of the victims' funds today, so we're seeing a bunch of panicked posts about stolen funds. 

Here's a great initial postmortem of the situation (written by Ralf) 

Instructions:

1. If the stolen transaction is still pending (it'll say "Pending" underneath the transaction in your wallet history), URGENTLY send your entire balance to an address in a different seed. You might need to use the CLI wallet in order to make this new transaction so that you can bypass the double spending prevention mechanism that's built into the GUI wallet. You need to get your new transaction confirmed before the stolen transaction is confirmed.
CLI Wallet -
https://github.com/MichaelSchwab/iota-commandline-wallet
https://github.com/TimSamshuijzen/iotaproxy
CLI Wallet Instructions: 
https://www.reddit.com/r/Iota/comments/7rlvx5/how_to_how_to_maybe_rescue_your_funds_before_the/ 
-- or -- https://forum.helloiota.com/post/8584

For those who need urgent real-time assistance, join the IOTA Discord channel and ask for help immediately: 
https://discord.gg/fNGZXvh

2. If the stolen transaction is confirmed (it'll say "Confirmed" underneath the transaction in your wallet history), unfortunately that IOTA is now gone forever. This is a terrible situation, but hopefully we can use this experience to inculcate safe seed generation practices. Please see the "Legal Action" addendum below for details on legal recourse.

The golden rule is to change 10 characters from whatever string of characters the seed generator gives you. Preferably, avoid online seed generators altogether. Here are the currently recognized best practices of seed generation by the IOTA community:
https://helloiota.com/generate-seed.html 
------------------------------------
Legal Action: Since IOTA is an open-source software project, there's no central entity that has control over balances or permissions. However, this doesn't mean that there's no legal recourse if you were one of the unfortunate victims of this crime! I've already informally encouraged some victims to link up and explore taking legal action against the perpetrators of this theft. Even if you can just find one other victim who lives in your country, it would be smart to team up with them and attempt to navigate the legal process together.

The more people who decide to take action, the better. Nobody is going to act on your behalf, and nothing will happen if everyone sits around waiting for something to happen. Please let me know if I can be of any help during this process by either posting here on the forum or messaging me in discord.

Hi 
as I posted a comment when I found my iota was still pending to have help, I dont know Discord can help.
Where do I join for legal action?

+x

 

MMkrypto - 21 Jan 2018

Hi 
as I posted a comment when I found my iota was still pending to have help, I dont know Discord can help.
Where do I join for legal action? 

+x

 

MMkrypto - 21 Jan 2018

Hi 
as I posted a comment when I found my iota was still pending to have help, I dont know Discord can help.
Where do I join for legal action?

I've send you a private message. Maybe I can help. I've been helping other people on here with similar problems.

Helloplease help me my iota have been stolen. these were sent to this address. it was 3270 pieces. I was devastated CRRAFWYRQ99SE9OYHZKIHKPDVGXKSSECOBZT9QRNLSSOAWULGPRXKHWHWGXJVUMGGXZQIXHTMEYKUN9PZVPK9DBSYC

Hi

I lost 1000,896928 Mi from my wallet GHFODEFVBMLPHXIYZDQF9PCWLNVOGNDKLXJJKFYFAVSXHSTGO9QJZWJWJSTUEWLXUOAKTT9FOHAFFWIUDAYLTEXWSX
was  send to LOLHWNEANRBKQXM9AYGEXPIGKLHQAWESMSAGXWNQQLJENBWJYEJFBLGSYQ9XKTJMDBYZPRTYYBCYTIAECRVXNPSVP9 


Thx

+x

 

Horsemen - 21 Jan 2018

Hallo IOTA Team
Ihr gebt uns IOTA Kunden die Schuld an dieser Sch....!
Es liegt in EURER Verantwortung, dass mehrere Wochen ein SCAM Seed-Generator mit EUREM Namen an erster Stelle bei Google gelistet ist und ihr nichts bemerkt.
Wie wollt ihr erfolgreich sei, wenn ihr nicht einmal ein sicheres Wallet erstellen könnt?
Wenn ihr Charakter habt findet ihr für eure Kunden, die euch Milliarden Euro anvertraut haben, eine Lösung.
Ihr habt die materiellen und technischen Mittel dafür.
Es wird nicht gelingen diesen Skandal klein zu halten.

Hello IOTA team
You blame us IOTA customers for this sh ....!
It is YOUR responsibility that for several weeks a SCAM seed generator with EUREM name is listed first on Google and you will not notice.
How do you want to succeed if you can not even create a safe wallet?
If you have character you will find a solution for your customers who have entrusted you with billions of Euros.
You have the material and technical resources for it.
It will not succeed to keep this scandal small.

@Horsemen

"Hello IOTA team
You blame us IOTA customers for this sh ....!
It is YOUR responsibility that for several weeks a SCAM seed generator with EUREM name is listed first on Google and you will not notice.
How do you want to succeed if you can not even create a safe wallet?
If you have character you will find a solution for your customers who have entrusted you with billions of Euros.
You have the material and technical resources for it.
It will not succeed to keep this scandal small"

Thank you for the post, and welcome to the community. It's important to remember that this forum is simply a community run platform, and none of the IOTA Core team posts here to my knowledge. So you'll want to join the discord channel if you'd like to voice your concerns with them directly.

Another important thing to point out is that there are no IOTA customers. IOTA is simply a software protocol that users can either choose to use or choose not to use. There is no product, and there is no business plan. This is a very common misunderstanding by lots of people, so I don't mean to disparage or single you out here, but it provides a good learning opportunity. There's no board of directors sitting around trying to increase profit margins or optimize returns. These guys are just writing software and attempting to help get that software adopted in the business world. They will not be pursuing legal action on behalf of users, just as the Bitcoin developers have never pursued legal action on behalf of Mt. Gox customers -- it was up to those individual customers to pursue their own legal action in that case. Same thing here.

Next: Nobody is blaming anyone. Stating facts should be celebrated, and the facts are that many people used malicious online seed generators. When someone else has your seed, they have the same ability to spend the funds that belong to that seed as anyone else who has access to the seed. It's extremely important to use this event as a teaching opportunity to make sure that the community understands the massive dangers of using online seed generators. Let's not miss that opportunity by trying to assign blame.

pls help 7 gi is stolen, I cannot enter the root in terminal

is there another option to stop pending?

Hi all, i Used the seedgenerator and changed about 20 caracters offline, but even with this adjustments I have been hacked. I would like to join any (legal) actions in recover and have this stopped

Foundation of central coordinator, pls provide help!!

I DID change 20 characters and still have been hacked!!

All My wallet have been stolen.
I lost 20.97Gi !!
The destination wallet was 
HPHQTRANKNABYOWJLS9OTAMRABRBQAAQA9LMIKVAZBNXUMAATDFPPWWJGGVQAOQJZJ9OAJHEQU9XPERPX
That's was January 19, 2018 02:22:50
Seeing the number of problems, I think you need to something.
I arrived on the seed generator website through yours after downloading the wallet.

Ethereum has forked for the Dao hack, you have to do something similar.

Don't let us like that !

Thanks

Hi,

my balance is now ZERO ,,

hash:

RDZEOGAYJGCKFMKCFDQS9LLYAUGYCRAMY9BIDIBUDVRYVEFLIIBMVVISYFMASR9QISVXG9LMFRJF99999

used iotaseed.io 2 months ago ,, changing some chars. not enough.