Trinity Wallet

2019-07-01

Trinity Wallet officially released by the IOTA Foundation as the project's primary desktop and mobile wallet.

2019-11-27

Attacker executes DNS-interception proof of concept by leveraging a Cloudflare API key linked to MoonPay's infrastructure, beginning reconnaissance against MoonPay's CDN endpoints.

2019-12-17

IOTA Foundation later determines this date as the start of the window during which Trinity users were at risk of seed theft.

2019-12-22

Attacker evaluates a longer-running proof of concept refining malicious code and exfiltration techniques via MoonPay CDN.

2020-01-25

Active attack on Trinity users commences; malicious MoonPay SDK begins being served to Trinity Wallet instances via CDN, capturing user seeds and passwords.

2020-02-11

Attacker executes transactions using hijacked seeds, draining approximately 8.55 Ti (roughly $2 million) from 50 user accounts.

2020-02-12

IOTA Foundation halts the Coordinator, suspending the entire IOTA network to stop further theft. All transaction confirmations cease.

2020-02-15

IOTA Foundation receives Cloudflare logs from MoonPay confirming unsanctioned API access dating to November 2019.

2020-02-17

IOTA Foundation establishes end of the at-risk window for Trinity users.

2020-02-29

Seed migration period opens; IOTA Foundation releases dedicated migration tool for Trinity users to transfer funds to new seeds.

2020-03-06

IOTA co-founder David Sonstebo announces via Discord he will personally reimburse all theft victims from his own IOTA holdings to protect Foundation reserves.

2020-03-07

Seed migration period closes.

2020-03-10

IOTA Foundation restarts the Coordinator after 27 days of network suspension; IOTA network returns to normal operation.

2021-04-28

Trinity Wallet officially deprecated with the Chrysalis protocol upgrade. Firefly wallet released as the replacement; users directed to migrate.