IOTA, a cryptocurrency platform for the Internet of Things ecosystem, was in trouble recently after hackers stole passwords for user wallets and decamped with $4 million worth of coins. The theft generated headlines, and critics were quick to pounce on IOTA and called it “a horrible, horrible, terrible cryptocurrency” for not protecting users from such attacks. (See also: What Is IOTA?)

However, that criticism misses the important fact that IOTA itself was not compromised. The public-facing nodes on its network were placed under a Distributed Denial of Service (DDOS) attack from hackers, who had already stolen user credentials through phishing.

“We have repeatedly reminded users to keep their passwords safe and generate them locally – distributed ledgers are decentralized and immutable and users are responsible for the safekeeping of their own financial assets,” said David Sønstebø, co-founder of IOTA. (See also: Blockchain Wars: IOTA's Tangle Takes On Ethereum.) 

In response to the attack, IOTA published a blog post advising users of their responsibilities while purchasing and transacting with the cryptocurrency. The IOTA Foundation has also a set up an online community called IOTA Discord where users of the cryptocurrency can seek help from others and members of IOTA’s support team.

Here are a couple of things that users can do to keep their IOTA safe. 

1. Generate A Strong Seed 

Bitcoin generates a private key for users. IOTA is different. It requires users to generate their own "seed," the cryptocurrency’s equivalent of a private key.

IOTA seeds are alphanumeric combinations of 81 characters. The IOTA seed should be random. This means that it should have a mix of random characters that makes it difficult to guess the seed. 

IOTA users have the choice of generating their own seeds or using a tool for the task. The theft described earlier was committed using an online phishing site, which passed itself off as a place for generating IOTA seeds. Hence, the team behind IOTA does not recommend using online seed generators. 

Users can also generate new seeds using the following commands in Linux and Mac OSX:

  • cat /dev/urandom |tr -dc A-Z9|head -c${1:-81}(Linux)
  • cat /dev/urandom |LC_ALL=C tr -dc 'A-Z9' | fold -w 81 | head -n 1 (Mac) 

2. Change The Seed

The IOTA Foundation recommends that you copy the seed to an online password database, such as KeePass. While copying the seed to the database, you should randomly change 10 letters within the key before saving it. The idea is to make your seed truly random and difficult to guess and ensure that it is only your responsibility

“After doing these steps, you can be 100% sure, or as close to it technically possible, that the seed is sufficiently random and that you are the only person who has ever had access to your seed,” writes the IOTA team. 

3. Store The Seed 

After generating a strong seed and saving it, you need to store it. The options for storing IOTA seeds are similar to those for bitcoin. You can store seeds in cold storage (or offline) or you can store them in encrypted disks. 

If you prefer to do the former, then it is advisable to take a printout from your home computer (and not a public one) and keep the printed copy under lock and key, whether in a public safe or at home. The IOTA team also recommends keeping a backup copy of your seed in a public locker. 

If you plan on storing your seed in a disk, make sure that it is encrypted and requires passwords for logging in. The same holds true online password databases or password managers.

The basic idea behind this strategy is to multiply the number of encryptions that protect your seed. This will make it difficult for hackers to access your seed. You should also never leave your hardware disks lying around or place them under the care of people you do not know. 

The Bottom Line  

The theft of IOTA’s cryptocurrency from public nodes has generated concerns about its security among users. Through careful planning and safekeeping, however, users can keep their IOTA safe and away from the prying code of hackers.

Investing in cryptocurrencies and other Initial Coin Offerings (“ICOs”) is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or other ICOs. Since each individual's situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein. 

Want to learn how to invest?

Get a free 10 week email series that will teach you how to start investing.

Delivered twice a week, straight to your inbox.