How To Keep Your IOTA Cryptocurrency, MIOTA, Safe

IOTA, a cryptocurrency platform for the Internet of Things ecosystem, was in trouble recently after hackers stole passwords for user wallets and decamped with $4 million worth of coins. The theft generated headlines, and critics were quick to pounce on IOTA and called it “a horrible, horrible, terrible cryptocurrency” for not protecting users from such attacks.

However, that criticism misses the important fact that IOTA itself was not compromised. The public-facing nodes on its network were placed under a Distributed Denial of Service (DDoS) attack from hackers, who had already stolen user credentials through phishing.

“We have repeatedly reminded users to keep their passwords safe and generate them locally—distributed ledgers are decentralized and immutable and users are responsible for the safekeeping of their own financial assets,” said David Sønstebø, co-founder of IOTA.

In response to the attack, IOTA published a blog post advising users of their responsibilities while purchasing and transacting with the cryptocurrency. The IOTA Foundation has also set up an online community called IOTA Discord where users of the cryptocurrency can seek help from others and members of IOTA’s support team.

Here are a couple of things that users can do to keep their IOTA safe. 

1. Generate a Strong Seed 

Bitcoin generates a private key for users. IOTA is different. It requires users to generate their own "seed," the cryptocurrency’s equivalent of a private key.

IOTA seeds are alphanumeric combinations of 81 characters. The IOTA seed should be random. This means that it should have a mix of random characters that makes it difficult to guess the seed.

IOTA users have the choice of generating their own seeds or using a tool for the task. The theft described earlier was committed using an online phishing site, which passed itself off as a place for generating IOTA seeds. Hence, the team behind IOTA does not recommend using online seed generators.

Users can also generate new seeds using the following commands in Linux and Mac OSX:

  • cat /dev/urandom |tr -dc A-Z9|head -c${1:-81} (Linux)
  • cat /dev/urandom |LC_ALL=C tr -dc 'A-Z9' | fold -w 81 | head -n 1 (Mac)

2. Change the Seed

The IOTA Foundation recommends that you copy the seed to an online password database, such as KeePass. While copying the seed to the database, you should randomly change 10 letters within the key before saving it. The idea is to make your seed truly random and difficult to guess and ensure that it is only your responsibility.

“After doing these steps, you can be 100% sure, or as close to it technically possible, that your seed is sufficiently random and that you are the only person who has ever had access to your seed,” writes the IOTA team.

3. Store the Seed 

After generating a strong seed and saving it, you need to store it. The options for storing IOTA seeds are similar to those for bitcoin. You can store seeds in cold storage (or offline) or you can store them in encrypted disks. 

If you prefer to do the former, then it is advisable to take a printout from your home computer (and not a public one) and keep the printed copy under lock and key, whether in a public safe or at home.

If you plan on storing your seed in a disk, make sure that it is encrypted and requires passwords for logging in. The same holds true for online password databases or password managers.

The basic idea behind this strategy is to multiply the number of encryptions that protect your seed. This will make it difficult for hackers to access your seed. You should also never leave your hardware disks lying around or place them under the care of people you do not know. 

The Bottom Line 

The theft of IOTA’s cryptocurrency from public nodes has generated concerns about its security among users. Through careful planning and safekeeping, however, users can keep their IOTA safe and away from the prying code of hackers.

Investing in cryptocurrencies and other Initial Coin Offerings (“ICOs”) is highly risky and speculative, and this article is not a recommendation by Investopedia or the writer to invest in cryptocurrencies or other ICOs. Since each individual's situation is unique, a qualified professional should always be consulted before making any financial decisions. Investopedia makes no representations or warranties as to the accuracy or timeliness of the information contained herein. 

Article Sources
Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. "IOTA Attacked for Subpar Wallet Security Following $4m Hack."

  2. IOTA. "The Secret to Security — Is Secrecy."

  3. IOTA. "Secure IOTA Tokens."

Take the Next Step to Invest
The offers that appear in this table are from partnerships from which Investopedia receives compensation. This compensation may impact how and where listings appear. Investopedia does not include all offers available in the marketplace.