IOTA

Security Researchers have rules about responsible disclosure, my dude.

At least if they want to not ruin their career

Quick rundown?
t. brainlet

>get someone to send you any amount of money(say, 10 miota or whatever the retarded unit is)
>replay that transaction which sends 10 miota from them to your address over and over, draining their wallet
It's that simple.

silver lining at least:

"Recommendation
All that needs to be done to fix this is keep track of the unique hash of each signed transaction bundle. With this information make a rule that the same bundle hash cannot be used twice within a subtangle.

Conclusion
As it stands at the time of writing IOTA has a security vulnerability consisting of replaying old transactions. It can be easily fixed as suggested in my recommendation."

To clarify, the vulnerable bit is that you don't need to prove ownership of the coins in order to replay the transactions, and the Coordinator™ doesn't check if that set of transactions (the subtangle technically) has been added to the tangle before.
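The recommended fix quoted above (reject any bundle hash that has already been accepted), shown as an added example that is not from the thread or from IOTA's code. The `Ledger` class, the account names and the SHA-256 stand-in for the bundle hash are assumptions of this toy model; the amounts are the 500 and 5000 Miota figures quoted in the thread.

```python
import hashlib


class Ledger:
    """Toy balance ledger (constructed for illustration, not IOTA's data model)."""

    def __init__(self, balances, track_bundles):
        self.balances = dict(balances)
        self.track_bundles = track_bundles  # True = apply the recommended rule
        self.seen = set()                   # bundle hashes already accepted

    @staticmethod
    def bundle_hash(sender, receiver, amount):
        # Stand-in for the hash the sender's signature covers (assumption).
        data = f"{sender}|{receiver}|{amount}".encode()
        return hashlib.sha256(data).hexdigest()

    def attach(self, sender, receiver, amount):
        """Apply a signed bundle; return True if it was accepted."""
        h = self.bundle_hash(sender, receiver, amount)
        # The fix: the same bundle hash may not be used twice.
        if self.track_bundles and h in self.seen:
            return False
        if self.balances.get(sender, 0) < amount:
            return False
        self.balances[sender] -= amount
        self.balances[receiver] = self.balances.get(receiver, 0) + amount
        self.seen.add(h)
        return True


def replay(track_bundles, attempts=10):
    """Attach one signed 500-unit bundle `attempts` times; report the outcome."""
    ledger = Ledger({"alice": 5000, "bob": 0}, track_bundles)
    accepted = sum(ledger.attach("alice", "bob", 500) for _ in range(attempts))
    return accepted, ledger.balances["alice"]


if __name__ == "__main__":
    print("no tracking:  ", replay(False))  # every re-attachment is applied
    print("with tracking:", replay(True))   # only the first attachment is applied
```

In this sketch a legitimate second payment of the same amount has to be signed again over content that differs (for example a timestamp or index, an assumption here) so that its hash is new, and the set of seen hashes has to persist for as long as the old bundle could otherwise be re-attached.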

Shouldn't it be crashing rn?

>The coordinator will repeatedly approve the same bundle hash over and over. This means that while you may have signed a transaction to send 500 Miota it can be attached to the network 10 times draining the account of 5000 Miota.

You can force the iota "coordinator" to send transactions over and over. So, if you receive IOTA from a person once, you can steal everything from them, probably?

The worst case would probably be that someone could rob an exchange of all their iota if you can replay transactions from their cold wallet, to their hot wallet, to your own wallet. I don't know much about iota though.

I wonder if this can drain exchanges

You can't use the same address twice when sending funds. This is intentional. It is what makes Iota quantum resistant. It has been known about forever, it is not new news or a discovered bug. It is being pushed today because the CDO of Volkswagen just announced how deeply they are integrating Iota. Pic related.

If it could, it would've happened already. It's FUD time again. Guess what got announced today? Official VW partnership by the CTO of VW in cooperation with Bosch. What a convenient time to announce huge security vulnerabilities, huh!