What was the IOTA vulnerability.

·@siddm96·
![image](https://img.esteem.ws/36y2mqjkjw.jpg)

Recently the MIT Media Lab disclosed a critical bug in the IOTA cryptocurrency. The credit goes to Neha Narula, Ethan Heilman, Tadge Dryja and Madars Virza. They found a serious vulnerability in the GitHub repository. This critical vulnerability was related to IOTA's own hash function, Curl. Curl was vulnerable to a well-known technique for breaking hash functions called differential cryptanalysis, which they used to generate practical collisions. The technique was used to produce two bundles in IOTA. The problem is that the bundles are different but have the same hash value, which means they have the same signature. This can be used to destroy user funds or steal them.
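
Why equal hashes mean a shared signature, as an added example that is not from the original post or the MIT report: the signer signs only the hash of a bundle, so any other bundle with that hash verifies too. The hash here is SHA-256 truncated to 16 bits (a constructed stand-in for a broken hash, not Curl), the signature is a Lamport one-time scheme rather than IOTA's own, and the bundle strings are made up.

```python
import hashlib
import os

BITS = 16  # constructed toy digest size; a stand-in for a broken hash, not Curl

def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def weak_hash(bundle: bytes) -> int:
    """Toy hash: SHA-256 truncated to 16 bits, so collisions are cheap to find."""
    return int.from_bytes(sha(bundle)[:2], "big")

def keygen():
    """Lamport one-time key: one pair of secrets per digest bit."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(BITS)]
    pk = [(sha(a), sha(b)) for a, b in sk]
    return sk, pk

def sign(sk, bundle: bytes):
    """Hash-then-sign: reveal one secret per bit of weak_hash(bundle)."""
    d = weak_hash(bundle)
    return [sk[i][(d >> i) & 1] for i in range(BITS)]

def verify(pk, bundle: bytes, sig) -> bool:
    d = weak_hash(bundle)
    return all(sha(s) == pk[i][(d >> i) & 1] for i, s in enumerate(sig))

def colliding_bundles():
    """Find two different constructed bundles with the same weak_hash."""
    table = {}
    for n in range(1024):
        b = b"to=addr_A;value=1;tag=%d" % n
        table[weak_hash(b)] = b
    n = 0
    while True:
        other = b"to=addr_B;value=1000;tag=%d" % n
        if weak_hash(other) in table:
            return table[weak_hash(other)], other
        n += 1

def demo():
    sk, pk = keygen()
    signed, other = colliding_bundles()
    sig = sign(sk, signed)  # the key owner signs only the first bundle
    return signed, other, verify(pk, signed, sig), verify(pk, other, sig)

if __name__ == "__main__":
    print(demo())
```

The signature scheme is never broken in this run; the second bundle verifies only because the verifier checks the hash, which is why the fix is a collision-resistant hash.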


***Vulnerability is patched***
This vulnerability has been fixed for now by the IOTA team, but the MIT team says that IOTA is still using the old Curl hash function in some places in its software. IOTA developers do not agree with the MIT team's characterization of this as an issue of concern.



The MIT team also points out that transactions on IOTA are 10kb, which is not suitable for devices with less storage. This creates a conflict, as IOTA is all about IoT devices, which generally have very limited storage.

The MIT team has been very critical of this: IOTA is a top-10 cryptocurrency, and we do not expect such mistakes from it. They have done a fantastic job of making the vulnerability public after it was patched.


***The Golden Rule***
Developers should be more careful about these things and never break the first rule of cryptographic systems: “don’t roll your own crypto.”

Below is the link to the MIT team's report for anyone who wants more details.
https://github.com/mit-dci/tangled-curl/blob/master/vuln-iota.md
