Skip to main content
Sign in
Trinity Wallet1 decision on this page

Audit log

Every state-changing event for Trinity Wallet: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 18:46:24Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,777,478
    sig
    4mL4E8rkEq4Q…rFjfs3dhexplorer ↗
    hash
    3NtR9BEacnv6…kZDcbRaVsha256 → base58
    verifying row…full verify ↗
    canonical bytes (11148 B) ▸
    {"actor":"system:backfill","investigation_id":"b8da4d53-1b89-47b5-a180-0d4dcea34c10","kind":"publish","page_slug":"trinity-wallet","published_at":"2026-05-28T18:46:24.085Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Trinity Wallet","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/iotas-recent-2-million-attack-leaves-open-questions-to-the-projects-payment-processor-moonpay/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/","type":"other","url":""},{"credibility":3,"name":"https://news.sophos.com/en-us/2020/02/18/iota-shuts-down-network-temporarily-to-fight-wallet-hacker/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2020/03/12/iota-founder-personally-refunding-hack-losses-to-safeguard-projects-remaining-reserves","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/21683/iota-hack-compensation-founder-david-sonstebo-discord","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinfomania.com/iota-foundation-restarts-the-coordinator/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/iota-network-relaunched-following-trinity-wallet-theft","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/56637/iota-foundation-expects-to-reactivate-network-by-march-2-following-2m-user-wallet-attack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.iota.org/trinity-attack-incident-part-3-key-learnings-takeaways-c933de22fd0a/","type":"other","url":""},{"credibility":3,"name":"https://slowmist.medium.com/slowmist-iota-analysis-4acfb477a093","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/iotaledger/trinity-wallet/","type":"other","url":""},{"credibility":3,"name":"https://blog.iota.org/the-next-steps-for-trinity-f9af3fc64736/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/cryptronics/what-recent-supply-chain-attacks-on-iota-and-monero-can-teach-us-about-blockchain-security-36f63876b539","type":"other","url":""}]}],"sources_used":[{"credibility":1,"name":"Trinity Attack Incident Part 1: Summary and next steps — IOTA Foundation","type":"official","url":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/"},{"credibility":1,"name":"Trinity Attack Incident Part 2: Trinity Seed Migration Plan — IOTA Foundation","type":"official","url":"https://blog.iota.org/trinity-attack-incident-part-2-trinity-seed-migration-plan-4c52086699b6/"},{"credibility":1,"name":"Trinity Attack Incident Part 3: Key Learnings and Takeaways — IOTA Foundation","type":"official","url":"https://blog.iota.org/trinity-attack-incident-part-3-key-learnings-takeaways-c933de22fd0a/"},{"credibility":1,"name":"IOTA Founder Personally Refunding Hack Losses — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2020/03/12/iota-founder-personally-refunding-hack-losses-to-safeguard-projects-remaining-reserves"},{"credibility":1,"name":"IOTA Foundation Suspends Network, Probes Fund Theft in Trinity Wallet — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2020/02/13/iota-foundation-suspends-network-probes-fund-theft-in-trinity-wallet"},{"credibility":1,"name":"IOTA Network Relaunched Following Trinity Wallet Theft — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/iota-network-relaunched-following-trinity-wallet-theft"},{"credibility":1,"name":"IOTA Foundation Expects to Reactivate Network by March 2 — The Block","type":"news_article","url":"https://www.theblock.co/post/56637/iota-foundation-expects-to-reactivate-network-by-march-2-following-2m-user-wallet-attack"},{"credibility":1,"name":"IOTA is Back Online Nearly a Month After $2 Million Attack — The Block","type":"news_article","url":"https://www.theblock.co/linked/58337/iota-is-back-online-nearly-a-month-after-2-million-attack-on-wallet-software-users"},{"credibility":2,"name":"IOTA Hack Compensation — Founder David Sonstebo Discord Announcement — Decrypt","type":"news_article","url":"https://decrypt.co/21683/iota-hack-compensation-founder-david-sonstebo-discord"},{"credibility":2,"name":"IOTA's Recent $2 Million Attack Leaves Open Questions To MoonPay — CryptoPotato","type":"news_article","url":"https://cryptopotato.com/iotas-recent-2-million-attack-leaves-open-questions-to-the-projects-payment-processor-moonpay/"},{"credibility":2,"name":"IOTA Shuts Down Network Temporarily to Fight Wallet Hacker — Sophos News","type":"news_article","url":"https://news.sophos.com/en-us/2020/02/18/iota-shuts-down-network-temporarily-to-fight-wallet-hacker/"},{"credibility":2,"name":"SlowMist: Analysis and Security Suggestions for the IOTA Major Coin Stolen Incident","type":"research","url":"https://slowmist.medium.com/slowmist-iota-analysis-4acfb477a093"},{"credibility":2,"name":"What Recent Supply Chain Attacks on IOTA and Monero Can Teach Us — Cryptonics/Medium","type":"research","url":"https://medium.com/cryptronics/what-recent-supply-chain-attacks-on-iota-and-monero-can-teach-us-about-blockchain-security-36f63876b539"},{"credibility":2,"name":"27 Days Later: IOTA Foundation Finally Restarts The Coordinator — CoinFomania","type":"news_article","url":"https://coinfomania.com/iota-foundation-restarts-the-coordinator/"},{"credibility":1,"name":"GitHub — iotaledger/trinity-wallet (archived repository)","type":"official","url":"https://github.com/iotaledger/trinity-wallet/"}],"summary":"Trinity Wallet was the official desktop and mobile software wallet for the IOTA cryptocurrency, developed and maintained by the IOTA Foundation. In February 2020, a supply chain attack exploiting a compromised MoonPay SDK delivered via CDN resulted in the theft of approximately 8.55 Ti (teraIOTA) worth roughly $2 million from 50 user seeds, forcing the IOTA Foundation to shut down the entire IOTA network for 27 days. Trinity was subsequently deprecated in April 2021 following the Chrysalis protocol upgrade, with the Firefly wallet introduced as its replacement.","timeline":[{"date":"2019-07-01","event":"Trinity Wallet officially released by the IOTA Foundation as the project's primary desktop and mobile wallet.","source":"IOTA Foundation Blog","source_url":"https://blog.iota.org/iota-foundation-releases-the-trinity-wallet-5e3db189fbb5/"},{"date":"2019-11-27","event":"Attacker executes DNS-interception proof of concept by leveraging a Cloudflare API key linked to MoonPay's infrastructure, beginning reconnaissance against MoonPay's CDN endpoints.","source":"IOTA Foundation — Trinity Attack Incident Part 1","source_url":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/"},{"date":"2019-12-17","event":"IOTA Foundation later determines this date as the start of the window during which Trinity users were at risk of seed theft.","source":"IOTA Foundation — Trinity Attack Incident Part 1","source_url":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/"},{"date":"2019-12-22","event":"Attacker evaluates a longer-running proof of concept refining malicious code and exfiltration techniques via MoonPay CDN.","source":"IOTA Foundation — Trinity Attack Incident Part 1","source_url":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/"},{"date":"2020-01-25","event":"Active attack on Trinity users commences; malicious MoonPay SDK begins being served to Trinity Wallet instances via CDN, capturing user seeds and passwords.","source":"IOTA Foundation — Trinity Attack Incident Part 1","source_url":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/"},{"date":"2020-02-11","event":"Attacker executes transactions using hijacked seeds, draining approximately 8.55 Ti (roughly $2 million) from 50 user accounts.","source":"IOTA Foundation — Trinity Attack Incident Part 1","source_url":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/"},{"date":"2020-02-12","event":"IOTA Foundation halts the Coordinator, suspending the entire IOTA network to stop further theft. All transaction confirmations cease.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2020/02/13/iota-foundation-suspends-network-probes-fund-theft-in-trinity-wallet"},{"date":"2020-02-15","event":"IOTA Foundation receives Cloudflare logs from MoonPay confirming unsanctioned API access dating to November 2019.","source":"IOTA Foundation — Trinity Attack Incident Part 1","source_url":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/"},{"date":"2020-02-17","event":"IOTA Foundation establishes end of the at-risk window for Trinity users.","source":"IOTA Foundation — Trinity Attack Incident Part 1","source_url":"https://blog.iota.org/trinity-attack-incident-part-1-summary-and-next-steps-8c7ccc4d81e8/"},{"date":"2020-02-29","event":"Seed migration period opens; IOTA Foundation releases dedicated migration tool for Trinity users to transfer funds to new seeds.","source":"IOTA Foundation — Trinity Attack Incident Part 2","source_url":"https://blog.iota.org/trinity-attack-incident-part-2-trinity-seed-migration-plan-4c52086699b6/"},{"date":"2020-03-06","event":"IOTA co-founder David Sonstebo announces via Discord he will personally reimburse all theft victims from his own IOTA holdings to protect Foundation reserves.","source":"Decrypt","source_url":"https://decrypt.co/21683/iota-hack-compensation-founder-david-sonstebo-discord"},{"date":"2020-03-07","event":"Seed migration period closes.","source":"IOTA Foundation — Trinity Attack Incident Part 2","source_url":"https://blog.iota.org/trinity-attack-incident-part-2-trinity-seed-migration-plan-4c52086699b6/"},{"date":"2020-03-10","event":"IOTA Foundation restarts the Coordinator after 27 days of network suspension; IOTA network returns to normal operation.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/iota-network-relaunched-following-trinity-wallet-theft"},{"date":"2021-04-28","event":"Trinity Wallet officially deprecated with the Chrysalis protocol upgrade. Firefly wallet released as the replacement; users directed to migrate.","source":"GitHub — iotaledger/trinity-wallet","source_url":"https://github.com/iotaledger/trinity-wallet/"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 8fbcf8d8-f2dd-418f-bdf5-7045d99d84d4
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.