University College London, better known as UCL has officially terminated its ties with the IOTA Foundation as a response to the legal threats made by IOTA foundation against cybersecurity researchers.
Patrick McCorry, a security researcher at UCL’s Initiative for CryptoCurrencies and Contracts, revealed the official statement from UCL which emphasized researchers should not fall victim to lawsuits for disclosing their findings and added that other universities and colleges should follow UCL and terminate ties with foundations that threaten researchers with lawsuits.
From UCL’s official statement:
“UCL Centre for Blockchain Technologies is no longer associated with the IOTA Foundation. In relation to recent news report, we reaffirm our support for open security research, as a prerequisite for understanding the assurances provided by any blockchain technology. It is inappropriate for security researchers to be subject to threats of legal action for disclosing their results.”
In February, Boston University’s Ethan Heilman along with a team of researchers at the Digital Currency Initiative (DCI) released a report exposing a flaw in IOTA’s hash function called Curl. The report, entitled “IOTA Vulnerability Report: Cryptanalysis of the Curl Hash Function Enabling Practical Signature Forgery Attacks on the IOTA Cryptocurrency,” said that the cryptography used by IOTA leaves the network vulnerable to forged signatures and potentially to stolen funds.
Almost immediately after the report was released, IOTA Co-founder Sergey Ivancheglo confirmed on social media that a team of lawyers at the IOTA Foundation is working to challenge the researchers and their findings.
Dan Guido, the security research firm CEO of Trail of Bits, told IEEE’s Morgen Peck that the emails sent by the IOTA Foundation were embarrassing for the project, as it lacked maturity and motivation for the foundation to improve their project and the vulnerabilities found in the IOTA protocol.
“I think the emails were extremely embarrassing for the IOTA project. They should convince anyone that IOTA lacks the technical leadership or, simply, the maturity to build their product,” said Guido.
Rick Dudley, a blockchain researcher based in New York, told Peck that the approach taken by the IOTA Foundation to hide the intricacies of the technology behind the IOTA blockchain network is antithetical to blockchains, which are supposed to be open systems.
“Basically, what they have done is written some source and papers that only describe part of the system. The rest of the system is secret. Which is completely antithetical to blockchains,” said Dudley.
In response to the report written by Peck and the statements of Guido and Dudley, IOTA co-founder Ivancheglo said that only one side was told in the report of Peck and the IOTA Foundation does not agree with the assessment that it did not attack researchers.
Researchers Still Unhappy
Steven Murdoch, a security researcher at the University College London and VASCO, emphasized that it is not acceptable for any organization or project to threaten researchers with lawsuits for disclosing their findings.
“As someone who has been on the receiving end of legal threats for my research, I consider it important to be clear that it is unacceptable to intimidate researchers for disclosing security flaws in good faith,” said Murdoch.
When CCN reached out to IOTA, the IOTA Foundation stated that it stands by the statement made by IOTA founder David Sønstebø, which read:
“100% agree with you. I denounce such acts entirely and the IOTA Foundation has condemned it repeatedly. Another unacceptable act is to willfully drive a false narrative such as Patrick McCorry is doing here for his own agenda.”
“An unfortunate side effect of the great promise from Distributed Ledger technologies and one of its applications (crypto) is a constant rivalry between projects for sheer profit, this permeates the entire space at the present and render legitimate topics as an afterthought,” added Sønstebø.
Featured Image from Shutterstock
Follow us on Telegram.