If you were looking for a reason NOT to invest in the Internet of Things based Cryptocurrency IOTA this year, UC Berkeley might have just come up with one.
In what IOTA is calling ‘the biggest cryptocurrency FUD attack in history,’ a batch of leaked emails has surfaced pertaining to an exchange between MIT’s Digital Currency Initiative and IOTA in July 2017. In that exchange, it was revealed that Boston University researcher Ethan Heilman reached out directly to IOTA to raise awareness of a security flaw which, in theory, could let anyone forge IOTA transactions with relative ease.
Just two weeks ago, on February 22nd, German car manufacturer Volkswagen (VW) announced plans to start working closely with IOTA's development community. As a result, until two days ago IOTA’s future was looking decidedly positive.
Sadly, news of IOTA’s partnership with VW has been undermined, thanks not just to news of potential security flaws in IOTA source code, but also to news of IOTA’s seeming reluctance to address these issues.
Summarizing the IOTA controversy briefly, up until August 2017, IOTA used a custom hashing function called Curl to reconcile IOTA transactions on the IOTA blockchain. (Strictly speaking the IOTA blockchain isn’t a blockchain but what IOTA calls a ‘tangle.’)
Problems started, however, when MIT and UC Berkeley researchers Neha Narula and Ethan Heilman found that the Curl algorithm could be exploited by replay attacks: attacks in which duplicate sets of information are used to dupe the IOTA network and steal users’ digital currency.
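To make the replay idea concrete, here is an added illustration that is not IOTA code and does not model the tangle or the Curl function. It is a deliberately simplified, constructed ledger: transactions are hashed with SHA3-256 (the standardized Keccak variant from Python's hashlib) and the ledger can be run with or without replay protection. The transaction format, account names and amounts are all made up for the demonstration; the point is to show why a network that does not remember what it has already processed will happily apply the same signed message twice.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Constructed transaction format (hypothetical, not IOTA's): from, to, amount, nonce.


def tx_digest(tx: dict) -> str:
    """Canonical SHA3-256 digest of a transaction (standardized Keccak, via hashlib)."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha3_256(canonical).hexdigest()


@dataclass
class Ledger:
    """Toy ledger. With replay_protection=False it has no memory of past messages."""
    balances: Dict[str, int]
    replay_protection: bool = True
    seen: Set[str] = field(default_factory=set)          # digests already applied
    next_nonce: Dict[str, int] = field(default_factory=dict)  # expected nonce per sender

    def apply(self, tx: dict) -> Tuple[bool, str]:
        sender, recipient, amount = tx["from"], tx["to"], tx["amount"]
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            return False, "insufficient funds"
        digest = tx_digest(tx)
        if self.replay_protection:
            # Two independent defences: reject an exact duplicate, and require a
            # strictly increasing per-sender nonce so the same message cannot be
            # re-submitted even after a restart that loses the 'seen' set.
            if digest in self.seen:
                return False, "duplicate transaction (replay)"
            expected = self.next_nonce.get(sender, 0)
            if tx["nonce"] != expected:
                return False, f"bad nonce: expected {expected}"
            self.next_nonce[sender] = expected + 1
            self.seen.add(digest)
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount
        return True, digest


def replay_demo(replay_protection: bool) -> dict:
    """Broadcast one valid transfer, then the identical bytes a second time."""
    ledger = Ledger(balances={"alice": 100, "bob": 0},
                    replay_protection=replay_protection)
    tx = {"from": "alice", "to": "bob", "amount": 40, "nonce": 0}
    first_ok, _ = ledger.apply(tx)
    second_ok, reason = ledger.apply(dict(tx))  # same message, seen again
    return {
        "first_accepted": first_ok,
        "second_accepted": second_ok,
        "second_reason": reason if not second_ok else "",
        "alice": ledger.balances["alice"],
        "bob": ledger.balances["bob"],
    }


if __name__ == "__main__":
    print("no replay protection:", replay_demo(False))
    print("with replay protection:", replay_demo(True))
```

Without protection the second copy of the message moves another 40 units, leaving alice at 20; with the digest set and nonce check in place the duplicate is rejected and the balances stay at 60 and 40. The detection side is the same in either case: a node that logs rejected duplicates has a direct signal that someone is re-submitting old messages.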
Sadly, instead of thanking Narula and Heilman for their insight, IOTA co-founder Sergey Ivancheglo seems to have immediately gone on the offensive. Ivancheglo subsequently criticised the pair's findings as not being peer reviewed and argued that the exploit which they had discovered only worked “in a limited number of improbable situations.”
Presumably because of Narula and Heilman’s findings, August 2017 saw IOTA ditch the Curl hashing algorithm in question in favor of a better documented, open-source hashing algorithm called Keccak.
Needless to say, as far as IOTA is concerned, the current leak of private correspondence between Narula, Heilman, and IOTA is therefore nothing more than an attempt to sully IOTA’s reputation. There is just one problem. Namely, that several IOTA users have been reporting serious IOTA security flaws after IOTA’s August algorithm change.
“On the IOTA tangle my transactions are confirmed, but the IOTAS never arrived at Bitfinex for months now, Bitfinex is not responding on my questions, the only thing they do is confirm that they have received my support tickets, so I am waiting for response from them for more than two months, and every week I fill in a new support ticket, it is a system that sucks.” - GitHub comment dated January 29th, 2018
The problem for IOTA at present is that despite several strikingly similar user complaints on GitHub, IOTA developers are putting all news of missing IOTA funds down to basic user negligence.
As far as IOTA is concerned, any users who experience problems using the IOTA wallet app are simply losing IOTA digital currency tokens as a result of sending them to the wrong wallet addresses. Much more importantly, this seems to be why MIT researchers Narula and Heilman have decided to make public their private discussions with IOTA.
As Neha Narula has stated, the problem with IOTA in 2017 wasn’t so much the discovery of essentially rookie security vulnerabilities, but how IOTA reacted (and arguably is still reacting) to the discovery of potential vulnerabilities. Hence, as Narula told Motherboard magazine recently: “We made it very clear at the beginning of the email chain that if they stopped being professional and civil we would cease communication. - They stopped being professional and civil.”