IOTA Hashing Vulnerability
4 min read

The IOTA Hash Vulnerability that is Scaring Investors

By Editorial Team

For those people that were following the IOTA token price this week, they will have noticed that there were considerable downward movements on the news of a cryptographic vulnerability.

The vulnerability was discovered by a team of researchers from MIT and Boston University. They first became suspicious about potential for a vulnerability in the hashing process when they learned that the development team at IOTA had created their own hashing function.

This was a red flag for them as they knew that such functions are incredibly complex and require years of work and development. For example, the SHA-3 hashing function took over 9 years to develop through a cryptography competition with some of the brightest minds in the industry.

They then decided to look into the publically available code on Github and found the vulnerability in the hashing function. More particularly, they found that the hashing algorithm was able to produce “collisions”.

One would have thought that the 8th largest crypto currency by market cap with numerous sponsors from Microsoft to Cisco, UCL to BNY Mellon would have known the importance of using only the most established protocols.

What is a Collision?

A hashing collision is when a hash function with two separate inputs are able to hash to the same output. This is potentially disastrous for any crypto currency as it allows for the possibility that malicious actors can crack the hash function and forge signatures.

The whole purpose behind hash functions is that they are only one way functions. In other words, given an output it is extremely unlikely that you would be able to find an input. Similarly, even a minute change to the input should produce a completely different output.

This is done so that with a particular private key or signature, this would be unique to you only and no one would be able to use another private key that could produce the same hash. When there is a collision, this is the not the case.

If someone can use another private key that would hash to your public key then you have the potential for them to forge your signature. When someone can forge your signature then they can send funds in a fraudulent manner. Indeed, according to Bruce Schneier

In 2017, leaving your crypto algorithm vulnerable to differential cryptanalysis is a rookie mistake.

IOTA and Market Reaction

When the researchers alerted IOTA to the collision vulnerability in July, the developers quickly took notice. They issued a patch in August which seemed to no longer have the vulnerabilities that the researchers found.

Although this addressed the immediate concerns of the researchers, they were still quite sceptical about the general security on the IOTA protocol. The IOTA code is not open source so it made it harder for the researchers to vet other portions of the code such as the trusted co-ordinator.

The researchers also found other red flags such as their use of Ternary instead of Binary. This adds a layer of complexity that prevents IOTA from benefitting from established security protocols.

They also took issue with IOTA when it comes to the size of the transactions. The current 10kb size is much larger than Bitcoins size of 600 bytes. This means that it is not well suited to devices with limited storage.

When the researchers disclosed their findings to the market on the 6th of September, the price of IOTA started to take a dive. As one can see in the price chart below from coinmarketcap, IOTA has been reacting negatively. Market participants were aware of the potential for catastrophic failure in the currency from any hack. This was seen all too well when the DAO was hacked back in 2016 and the reaction to the price of Ether.

IOTA Price Reaction

What Do We Take From This?

Although the technology that underpins crypto currency and the block chain is indeed revolutionary, it is quite baffling that a Crypto Currency with a $2bn market cap can have such a vulnerability. Even more surprising was the fact that none of the advisors and partners raised red flags is also alarming.

As more and more ICOs hit the market such as Filecoins $237m raise, there are legitimate concerns about the potential for the lack of best practices from inexperienced developers.

The entire block chain is built on the notion of trust. Trust in the network to be honest to the protocol. When there is any uncertainty to the security on the network it could have adverse side effects. Hence, if any large organisation, venture capital fund or reputable individual is to put their name to a technology they have to be 100% confident in the underlying technology.

Editors at large. Posting the latest news, reviews and analysis to hit the blockchain.
View all posts by Editorial Team -> Best Crypto Deals ->

Latest Posts

Huobi Global Review
Huobi Global Review 2022: Good Exchange with DEEP Liquidity
Huobi Global Review

Huobi Global Review 2022: Good Exchange with DEEP Liquidity

June 29, 2022 37 min read
FTX vs FTX US Review
FTX vs FTX US: Which one is BEST for You?
FTX vs FTX US Review

FTX vs FTX US: Which one is BEST for You?

June 27, 2022 14 min read
Bancor Review
Bancor Review: Impermanent Loss Protector?
Bancor Review

Bancor Review: Impermanent Loss Protector?

June 22, 2022 15 min read
Bridge Mutual Review
Bridge Mutual: Insurance for your Crypto
Bridge Mutual Review

Bridge Mutual: Insurance for your Crypto

June 22nd, 2022 22 min read
Serum Review
Serum Review: Solana’s One-Stop DeFi Toolbelt
Serum Review

Serum Review: Solana’s One-Stop DeFi Toolbelt

June 16, 2022 17 min read
Raydium Review: Solana’s DeFi Liquidity Mammoth

Raydium Review: Solana’s DeFi Liquidity Mammoth

June 11, 2022 17 min read
crypto com
Crypto.com Exchange Review 2022: A World-Class Crypto Exchange
crypto com

Crypto.com Exchange Review 2022: A World-Class Crypto Exchange

June 14th, 2022 30 min read

Related Posts

Huobi Global Review
Huobi Global Review 2022: Good Exchange with DEEP Liquidity
Huobi Global Review

Huobi Global Review 2022: Good Exchange with DEEP Liquidity

June 29, 2022 37 min read
FTX vs FTX US Review
FTX vs FTX US: Which one is BEST for You?
FTX vs FTX US Review

FTX vs FTX US: Which one is BEST for You?

June 27, 2022 14 min read
Bancor Review
Bancor Review: Impermanent Loss Protector?
Bancor Review

Bancor Review: Impermanent Loss Protector?

June 22, 2022 15 min read
Bridge Mutual Review
Bridge Mutual: Insurance for your Crypto
Bridge Mutual Review

Bridge Mutual: Insurance for your Crypto

June 22nd, 2022 22 min read
Serum Review
Serum Review: Solana’s One-Stop DeFi Toolbelt
Serum Review

Serum Review: Solana’s One-Stop DeFi Toolbelt

June 16, 2022 17 min read
Raydium Review: Solana’s DeFi Liquidity Mammoth

Raydium Review: Solana’s DeFi Liquidity Mammoth

June 11, 2022 17 min read
Top Desktop Crypto Wallets
The 8 Best Desktop Wallets in 2022
Top Desktop Crypto Wallets

The 8 Best Desktop Wallets in 2022

May 30, 2022 16 min read