IOTA Threatens Researchers and Denies Critical Flaw – but Fixes it Anyway
Over the weekend, various high-level security researchers and academic cryptographers gave cryptocurrency project IOTA a failing grade – exposing a critical weakness and suggesting investors sell their coins while asking researchers to ignore or abandon the project.
The controversy began after a series of once-private emails from various IOTA team members and a group of external security researchers was leaked, putting on display the developers’ apathy and arrogance towards a critical flaw in IOTA’s foundation.
First and foremost, Boston University Ethan Heilman discovered that IOTA’s in-house hash function, titled Curl, was broken. Heilman and other researchers from the Digital Currency Initiative published a report exposing the flaw — and the team at IOTA didn’t like that.
If you want a postcard summary of why you should avoid the Iota project — with your brains and your money — this conversation is it. pic.twitter.com/lc8pR41M2W
— Matthew Green (@matthew_d_green) February 23, 2018
The leaked emails in response to the published report show an uncooperative team at IOTA dispute the researchers’ claims by calling it fraudulent. IOTA Co-founder Sergey Ivancheglo even immaturely threatened legal action against Heilman on Twitter:
He should be scared, there are lawyers working on that already.
— Come-from-Beyond (@c___f___b) February 19, 2018
Many IOTA fans have come to the defense of the project, but there can be little doubt that IOTA has temporarily — if not permanently — lost the support of the academic research community. Trail of Bits CEO Dan Guido told IEEE:
I think the emails were extremely embarrassing for the IOTA project. They should convince anyone that IOTA lacks the technical leadership or, simply, the maturity to build their product.
Other academic researchers have come to Heilman’s defense, many of which have announced their intention to boycott the project. Said University of Athens Ph.D. candidate Dionysis Zindros:
Given the shameful behavior of the IOTA organization against Matthew Green and Ethan Heilman threatening legal action against reputable researchers, I pledge not to responsibly disclose any security findings I've been looking into regarding IOTA and urge people to stop using it.
— Dionysis Zindros (@dionyziz) February 25, 2018
IOTA is one of the most successful cryptocurrencies in the emerging market, currently ranked 10th by market cap. At press time, IOTA coins (MIOTA) are trading at $1.93 apiece, and the cryptocurrency has a total market cap of $5,355,265,406. The price of MIOTA has remained relatively stable this far, despite the controversy.
Nevertheless, the leaked communications have also shown a brighter light on what many consider to be a rather-centralized form of “decentralized” cryptocurrency. As noted by IEEE, IOTA primarily relies on the activities of a “coordinator,” or central operator. As such, the IOTA team has worked hard to make their project far from transparent.
Rick Dudley, a New York City-based blockchain architecture advisor and consultant, told IEEE:
Basically, what they have done is written some source and papers that only describe part of the system. The rest of the system is secret. Which is completely antithetical to blockchains.
On Monday, IOTA issued a statement in which they “unequivocally condemn this leak.” Oh, by the way, they also reportedly fixed the issue they referred to as “fraudulent.” Good to know that the non-issue issue has been fixed.
Do you think this recent controversy has raised legitimate questions regarding the maturity of IOTA’s leadership? Have you lost faith in the project, or could you care less? Let us know in the comments below!
Images courtesy of Bitcoinist archives, Twitter.