The MIT Tech Review ran a scathing review of the IOTA protocol’s insecurities, but plenty of other reputable institutions appeared to endorse the project by inviting the founders to speak about IOTA at academic and professional events. Wall described this as the founding team, which launched the IOTA token in 2015, being “very effective at pushing out news about ‘partnerships.’”
The IOTA coordinator node responsible for confirming all transactions has been offline for more than 12 days, yet the token remains listed as one of the top 30 cryptocurrencies by market cap, according to OnChainFX. Its price even went up.
There are few cryptocurrencies as notorious as IOTA, which skyrocketed from $0.34 a token in November 2017 to $5.36 by the top of the token boom in December 2017. Eric Wall, CIO of the Nordic cryptocurrency investment firm Arcane Assets, described the project as “the worst coin to have gotten as high as it did.”
“The sort of meta-question the industry is asking itself is whether IOTA can successfully keep their partnerships and convert themselves into somewhat of a success by replacing the technology pieces as they go, without having had any viable plan whatsoever when they began”, Wall said. “They’re pushing the boundaries of the fake-it-till-you-make-it approach to the extreme.”
Back at the peak in 2017, I was a green crypto reporter approached by the press team for former beauty queen and reality TV contestant Jessica VerSteeg, who wanted to open a cannabis business in California. We’d seen press releases about an “official partnership” between the Germany-based IOTA Foundation and Microsoft, which the incumbent tech company later denied, as well as various universities. VerSteeg wanted to use the IOTA protocol, named for its proposed functionality with internet-of-things (IoT) devices, in a coworking space for cannabis startups.
Among technologists, the IOTA Foundation became known for scandalous emails in 2018 between IOTA Foundation co-founder David Sonstebo and Neha Narula of MIT’s Digital Currency Initiative. He accused the researcher of helping CoinDesk prematurely publish vulnerabilities in the IOTA software and violating professional disclosure norms. (She denied both.) By 2019, members of the IOTA community earned a reputation for routinely harassing women security experts, like Open Privacy founder Sarah Jamie Lewis, who found flaws in IOTA research.
Plus, VerSteeg’s token-friendly coworking venture for the cannabis industry shuttered after fines from the U.S. Securities and Exchange Commission (SEC). The website and social media accounts for the token project are still up, but her personal social media accounts haven’t been active since the fall of 2019.
(Sonstebo denied working with VerSteeg, despite the fact that my 2017 article quoted him speaking about the project.) VerSteeg could not be reached for comment. Her old email accounts bounce back and former press associates don’t know how to reach her. IOTA co-founder Dominik Schiener said he doesn’t know what happened to her and working together “turned out to be a mistake.”
None of this quelled interest in the project. The IOTA subreddit, with more than 114,000 subscribers, still has hundreds of daily active users and the nonprofit is now a member of the Linux Foundation.
Single point of failure
The IOTA Foundation turned off the coordinator node in February 2020 to stop an attacker from stealing funds from the foundation’s wallet service for retail investors, highlighting the fundamental challenge of decentralizing a crypto project.
“The cryptography community doesn’t even know what to say about them at this point”, said cryptographer Mario Costa, who works on the XX Network. “First their custom-made hash-function was broken and you could forge transactions. Now they had to shut down their network because their wallet was hacked. This is insane because you should not be able to shut down a decentralized network.”
IOTA’s Schiener said the vulnerability, which led to stolen funds from 50 IOTA holders, came from a botched integration job with the fiat-to-crypto broker MoonPay.
“It was not absolutely secure, in terms of the infrastructure that we’d done”, he admitted, adding the foundation is fixing the code and researching a mechanism for no longer relying on the foundation’s coordinator node. He said that will make the network of roughly 1,000 regular nodes “truly decentralized.”
The hack came just days after another IOTA Foundation scandal, when co-founder Sergey Ivancheglo left the foundation and demanded 25 million IOTA tokens as his share of the project (worth roughly $6.3 million). Sonstebo said the team has matured since they feuded with academics in the past, but Schiener’s blog post about the split used troubling language.
Schiener referred to the IOTA Foundation as “the brand which I single-handedly conceived” and that “naturally” his former colleague will never “own it IOTA” again. Even if Schiener means a proverbial share in the non-profit, not tokens, both men referred to IOTA as “my” assets or project, which may contradict the idea that they aim to create a decentralized network. The funds they are referring to, Sonstebo said, are 51 million IOTA tokens people bought but haven’t claimed from the sale.
“We haven’t had requests since 2017”, Sonstebo said of those unclaimed tokens.
However, Sonstebo said the founders didn’t allot themselves any tokens and that the foundation’s staff of 120 people are paid through a combination of community donations and corporate consulting gigs. Unlike the Ethereum Foundation, so far there aren’t any clients using the IOTA protocol beyond research and pilots, which sometimes include patents. As such, the nonprofit’s priority this year is finding a partner for live products.
“This year we’re really focused on making sure our technology is mature enough to have real, live products”, Schiener said.