IOTA says bulk of $11 million stolen tokens found, hacker worked alone

NEW YORK (Reuters) - A top official at technology group IOTA Foundation said most of the roughly $11 million in the company’s cryptocurrency stolen from investor wallets has been found, but the funds are being held to be used as evidence by law enforcement authorities against the alleged perpetrator of the heist.

Last week, Europol announced that it helped UK and German law enforcement agencies arrest a 36-year old man from Oxford, England, accused of stealing around 10 million euros (about $11.4 million) in IOTA coins from more than 85 victims around the world since January 2018.

With the growth of cryptocurrencies over the last three years, crime has become a huge problem, surging more than 400 percent in 2018, with investor losses of about $1.7 billion.

“From what we know, just a small amount of the 10 million euros has not been found,” Dominik Schiener, IOTA co-founder and co-chairman of its board, said in an interview with Reuters on Friday. “The exchanges have blocked the hacker’s accounts. He tried to free the money, but he did not succeed.”

Schiener said he worked with law enforcement on the case for several months.

Schiener said they first thought this was the work of an organized group, but it now looks like the hack was the work of an individual “who had a normal job and is well-educated.”

Europol in its statement last week declined to disclose the name of the hacker.

The investigation began in early 2018 when the Hessen State Police received complaints of money stolen from cryptocurrency wallets. Further investigations showed the existence of fraud originating from the website, targeting users of the IOTA cryptocurrency, Europol said.

IOTA wallets are protected by an 81-digit seed, similar to a password, which can be generated using seed-generators found online, such as on the IOTA website. Among the sites was a malicious seed-generator running on, Europol said.

Several victims who used had their seeds stored in the background by the service provider. The hacker used these to gain access to the victims’ wallets and transferred their money to wallets created with fake IDs, Europol said.

In the wake of last year’s hack, Berlin-based IOTA has partnered with Ledger Hardware Wallet. The Ledger Nano S hardware wallet enables users to protect the private keys for their IOTA tokens.

Reporting by Gertrude Chavez-Dreyfuss; Editing by Phil Berlowitz