Competitors and Amy Castor: a tale on reputation usage and a campaign to discredit IOTA

Competitors and Amy Castor: a tale on reputation usage and a campaign to discredit IOTA

Disclaimer. I’m invested in IOTA, Ethereum, and Bitcoin. I’m not connected to the IOTA foundation and the following post is my own work and opinion. This is not meant to deter the collaboration of legitimate scientists. The IOTA Foundation is always grateful if thinkers help IOTAs adoption and vision.

Bells and Whistles

This is my response to the “responsible disclosure” of would-be neutral scientists that are destroying the reputation of IOTA, but also of the MIT, the Boston University, and Forbes.

In these times, fake-news and tinfoil stories can be found everywhere. The following post could be just a big coincidence, but if we allow ourselves in connecting some dots, maybe we get a better picture of “cryptoland”.

I’ll say it upfront: Competing projects try to harm IOTA as much as possible.

Let me start with this tweet of “fnord” because this pretty much sums up my motivation to write this summary.

On this blog, I usually try to stick to straight facts and relevant, legit news about IOTA. No Bells and whistles, Just information. 

We also expect straight facts and objective information when we visit pages like Forbes or when we read peer-reviews from MIT and BU scientists, but apparently, this is not the case.

Therefore, I decided to leave the path of tech news around IOTA for a moment, in order to draw a picture of how competition in this sphere works.

Recently we witnessed a misinformation campaign of highest magnitude in order to harm IOTA’s reputation. And I’m going to explain why.

It is vital to understand that some innovators in this innovative field of cryptocurrencies act in their own best interest. As rational deciding homo oeconomicus in this game of blockchains.

You may have seen the big headlines about IOTA: “MIT And BU Researchers Uncover Critical Security Flaw In $2B Cryptocurrency IOTA” following the “vulnerability report

The report was done by:

Ethan Heilman (Boston University, DAGlabs, Paragon Foundation – joint collaboration with Spectre, another DAG project, Commonwealth Crypto, Dev of a Bitcoin anonymity transaction Hub),
Neha Narula (MIT Media Lab),
Thaddeus Dryja (MIT Media Lab, Lightning Network Dev),
Madars Virza (MIT Media Lab, co-founded Zerocoin Protocol that Zcash is using, advising Zcash.)

The Forbes Article was written by:
Amy Castor (Independent writer at Bitcoin Magazine and Forbes)

Sergey Ivancheglo, main developer of the Tangle and creator of proof of stake, known as Come-from-Beyond, responded on several channels and closed the case.

The IOTA foundation also published an answer.

Unwinding all the details becomes unnecessary, but I’ll highlight the important ones:

  • IOTA has never been hacked.
  • CURL was tested under ludicrous conditions. The victim’s system would be running malicious code. In those conditions, stealing the key is trivial and much easier and effective. (custom wallet)
  • The discussed signing algorithm CURL was in an old version of IOTA, that was patched weeks ago. IOTA is using SHA-3/Keccak right now, there was no vulnerability to start with, but even less of a chance after that change.
  • the apparent flaw was, as revealed instead, an intended copy protection mechanism
  • No funds were or are at risk.
  • The Forbes headline, as well as the vulnerability report, suggested that the alleged flaw is still in play.
  • Yesterday there was an attack on the network, effectively defended by the presence of the Coordinator function. The IOTA team will be posting all the details in a blog entry.
  • IOTA’s valuation and price were directly and significantly affected by those actions, adding to the general value loss that has been affecting the whole crypto world this last week.


The headline takes effect

After IOTA supporters reminded the cryptographers that this is unethical and hardly a “responsible disclosure”, they reacted as if they were neutral and rather victims of an unjustified shitstorm:

I just give you the blank tweets.

In the meantime, Ethan Heilmann retweets an incredible total of 49 defamatory and blatant tweets. These were clearly, important and necessary actions by any reputable, objective scientist, both in content and form.

A few examples:




Madars Virza follows the crowd and tweets funny stuff about the legitimacy of the whole idea of IOTA:

David Sønstebø offers an open debate because the claims are wrong, but he gets no response:


Matthew Green, Co-worker of Madars Virza, ZCash, starts to attack IOTA and Sergey Ivancheglo. People from Zcash stepping in? Coincidence:

Another ZCash Co-Founder and developer tweets against IOTA, coincidence:

Bitcoin Core Developer Peter Todd reacts:

One of many Twitter-reactions by Amy Castor, that already blocked me, and many other accounts that expressed criticism:


Amy Castor is already convinced that IOTA is a scam. She is working for Bitcoin Magazine and she’s a member of the Bitcoin Core Slack. Again, just another coincidence. Her agenda “don’t roll your own crypto” seems like a general campaign against former or recent initial coin offerings ( ICO’s)

Numerous tweets show her biased stance against IOTA. Some of which are pointing to sources on Bitcointalk and weird websites, that obviously try to discredit IOTA. Some others are just asking to know what are David Sønstebø’s benefits, what his incentive is for creating IOTA. – this is something that he explained more than once in a very clear way.

On top of that, Bitcoin Evangelist Andreas M. Antonopoulos tweets misinformation to justify the smear campaign:

Meltem Demirors – Director at DCG (Investor of ZCash) coincidence:

Responsible disclosure

Now, apart from this little list of tweets against IOTA, I’m going to look at the definition of “responsible disclosure“.
it says:

Responsible disclosure is a computer security term describing a vulnerability disclosure model. It is like full disclosure, with the addition that all stakeholders agree to allow a period of time for the vulnerability to be patched before publishing the details. Developers of hardware and software often require time and resources to repair their mistakes. Hackers and computer security scientists have the opinion that it is their social responsibility to make the public aware of vulnerabilities with a high impact. Hiding these problems could cause a feeling of false security. To avoid this, the involved parties join forces and agree on a period of time for repairing the vulnerability and preventing any future damage.

As we already know, the report of the Zcash, DAGlabs and Lighting Network devs was written as if there was a problem in effect, although the issue was already corrected.

Also, the Forbes article, that is written in present tense followed by the meetup title.

I conclude that in this case there is no “social responsibility to make the public aware of vulnerabilities with a high impact” because there is neither a vulnerability nor high impact.

Apparently, however, they seem to have the need to showcase IOTA’s alleged vulnerability, because the cryptographer decided to set up a live stream meetup to break CURL, the signing algorithm of IOTA.

They write:

“Now that all parties are out of stealth mode, I can formally announce that Ethan Heilman will be demonstrating how he, along with three researchers from MIT Digital Currency Initiative (DCI), broke IOTA’s nonstandard “Curl” hash function.

By doing so, they revealed in a $2B cryptocurrency a serious security flaw that could have allowed a hacker to steal user funds. (IOTA has since lost about 25 percent of its value, according to Coin Market Cap.)”

And they seem to also assume that when all cryptos are taking a plunge, IOTA shouldn’t have been affected. Even more interesting.

Now, to draw a conclusion

In theory, IOTA is a technology that is able to outperform almost every other cryptocurrency.

Especially the Lightning Network, that is trying to address Bitcoins scaling problems, and Zcash, that is possibly threatened by Masked Authenticated Messaging are in a direct competition with IOTA, let alone DAGlabs.

If independent scientists of a renowned faculty like the MIT or Boston University claim to be able to break IOTA, people listen, the market reacts immediately.

In order to make the public aware of vulnerabilities with a high impact, and to save people from losing money, they did disclose information in an unethical and wrong way, which added significantly to the loss of valuation. If that is not irony, I don’t know what is.

But these guys are not just rational, independent scientists. These people are investors and developers of competing projects, so no wonder that the tweets were written accordingly. Coincidental of course.

Direct conflicts of interest:

To support my thesis that this is a coordinated effort I point out the blatant and obvious conflicts of interest.

  • Ethan Heilmann and developer of, a direct competitor to IOTA (also Bitcoin Core developers involved). Due to almost 50 anti-IOTA tweets, I assume that he wants to change the sentiment or just coincidence
  • His project DAGlabs is in a fundraising right now. A direct competitor developing their own DAG solution and currently trying to acquire Series A funding partners. Coincidence.
  • Madars Virza is Zcash Co-founder, a direct competitor to IOTA (is heavily supported by Matthew Green and Ian Miers, both ZCash). Coincidence
  • Amy Castor is working for Bitcoin Magazin and is postulating questionable insults against the IOTA Founder while she is a member of the Bitcoin Core Slack and following an anti-ICO agenda. Bitcoin Magazine. Coincidence
  • To Cite Satoshiwatch: “Amy Castor – who propagated MIT’s malicious report/attack in the Forbes, is a writer for CoinDesk, Barry Silbert’s Digital Currency Group (DCG)
    -“DCG ownership and crypto-investments include Zcash, Ripple, Rootstock, and etc.” Coincidence
  • Tadge Dryja is working for the Bitcoin Lightning Network, a direct competitor of IOTA. Coincidence

All in all 4 people of ZCash involved. Madars Virza, Matthew Green, Ian Miers, Meltem Demirors Coincidence.

Centralization of the Coordinator:

Concerning the coordinator(Coo), it seems like no one is missing an opportunity to point out that the Coo centralizes IOTA. The Coo is a special node in the hands of the IOTA Foundation that sets milestones in order to prevent Sybil attacks.

If people want to attack the network, they try to become an omnipresence in order to conduct doublespends.

This protection is necessary as long as the network is in its infancy. The transparency compendium pointed this out and it’s common knowledge, that it’s solely for the purpose of protection. The developers cannot alter transaction or access seeds.

Just the day before yesterday, an attacker tried to take over the Tangle.

To make it clear what’s happening, he added a tag to the transaction: “BZWFL99FUCK9CORE99LETS9FORK

The coordinator prevented a takeover from happening, everything is safe and sound.

But its purpose to protect the users of IOTA is of low significance, as it seems. People rather point out that due to the Coordinator, the whole system, idea, network is worthless. What a hypocrisy considering their biased stance.

At this point, I’m asking myself, why are these people insisting that the coordinator is a bad component? Obviously, the term centralization is undefined, because looking at this definition I could just claim that IOTA is still decentralized, especially because there are no blocks, no miners, the validation of transaction is not decoupled but in the hand of the users, unlike Consensus at Bitcoin. The comparison between blockchains and the Tangle looks therefore wrong, because of the “centralized part”, the coordinator has no participation in the consensus model.


When I look at Bitcoin, the true centralization happens due to the power of miners, where five of the biggest mining farms set 51% of the global Bitcoin hashpower.

Furthermore the centralization of developers, one can easily recognize when you look how many Bitcoin Core developers are connected with side projects or react in unison when a shitstorm is formed.

An incestuous innovation ivory tower, if you ask me.

If this was only about following science ethics, why would they fabricate a lurid headline, that clearly suggests that IOTA is still vulnerable?
Why would objective scientists talk about a crashing price and retweet dozens of tweets with an anti-IOTA sentiment?
Why would they decide to make a live-stream to showcase how to break CURL, although it’s not used anymore?

As a side note: The IOTA devs have not been invited to defend themselves or to talk about their point of view.

Since none of the mentioned persons kept a neutral stance, I can only conclude that this is a coordinated effort to destroy IOTAs reputation as ultima ratio because IOTA threatens their own projects.

Neha Narula, as the director of the MIT Media Labs, missed the chance to provide an independent peer-review of IOTAs -not in use- signing algorithm CURL.
Instead, she allowed that her team used its personal bias for their own purposes.

Amy Castor abandoned the ethics of journalism: “The duty of the journalist is to further those ends (justice and the foundation of democracy) by seeking truth and providing a fair and comprehensive account of events and issues.” when she started ranting her personal agenda like a bulldozer and furthermore acted highly unprofessional against IOTA Founder David Sønstebø.

Her lacking ethics may be motivated by the fact that she has written about Zcash, at this point I can only assume that she owns Zcash, or it’s just another coincidence:

This “responsible disclosure” is not the work of objective, competent scientists of the Massachusetts Institute of Technology or the Boston University as proclaimed. This is the epitome of a conflict of interest, where people use the names of big institutes.

In the game-theory, there are only rational agents. It seems these scientists are rational in that sense.

To cite Prof. Dr. Harald Lesch: “The economization of science is a problem: performance instead of position.”
-Especially in the field of crypto currencies.

Interesting to see that Zcash, DAGlabs and Bitcoin enthusiasts develop the same habits when they talk about IOTA, the same kind of habits that banks used to, when they talked about Bitcoin back in the days.

So if this is the business conduct of the MIT Media Lab, the Boston University or Forbes, I wonder where we can still find unbiased science and information.

What a great coincidence.

Casus ubique valet! Semper tibi pendeat hamus! Quo minime credis gurgite, piscis erit!

10 Replies to “Competitors and Amy Castor: a tale on reputation usage and a campaign to discredit IOTA”

  1. Limo, I’m a big IOTA-Hodler and I’m clearly on the IOTA-side. But I think its not useful to “draw a picture how cryptoland works.” If the MIT scientists are right, then we’ll all pay with our risky investment. If they are wrong and IOTA runs solid, decentralized and long-term we will enjoy our future profits. That’s it. At the moment I think both is possible but it won’t be a group of scientists or journalists to decide this.

    For the outside perception of IOTA it is important to be a smart, objective and kind community. It’s important because we need thousands of developers around the world to work on many different IOTA-projects, to grow the ecosystem and to reach a critical mass for adoption. Lot’s of these developers work will be done in there freetime and their motivation will partly depend on the feeling, to work with and for a great community.

    To point the finger on persons who criticize the project is not the appropriate way to face the critic. Whatever their goals may be, we don’t know it. Just let the devs give them an objective answer, because these are the only people with enough knowledge to talk about. And then let the tech speak for itself.

    If you want to be useful as a german based blog. Try to organize a video interview with David Sonstebo for example. I never saw him speak somewhere (besides this and there is literally just one picture of him the net (the one with the beard). To see smart people talk on the camera builds trust. To not see them, not. The only “visible” guy of the IOTA-Team is Dom Schiener. I think one of the many success factors of Ethereum were the handful of credible people talking and explaining Ethereum to different people and target groups. I know that the IOTA-Team talks a lot with different people but this should be more visible. See this interview with one of the Ethereum lead-developer Gavin Wood after the DAO-Crash
    This builds trust.

    1. > To point the finger on persons who criticize the project is not the appropriate way to face the critic.

      Yeah, I get it. It’s better to hide in the closet than talking about the actual truth.
      Nothing of my claims is wrong, there IS a conflict of interest, so pardon me, but I won’t support hypocrisy.
      The fact that so many devs of competing projects are triggered is an absolute confirmation of my thesis.
      BTW: I’m not IOTA Foundation, in fact, they told everyone to take a deep breath and to go on.
      I’m doing what I, personally, think is the right thing.

  2. Limo,
    Your response to the negative campaign against IOTA is fair and coherent. I appreciate your efforts in bringing the many relevant critical elements into more balanced context.

  3. I am an investor in IOTA and work as an organizational consultant and an academic in clinical and organizational psychology. I mention this not for the applause but simply because the back and forth has provided the “perfect storm” for anyone in my profession. What seems to be clear is that damage has been done, with mal-intent and motives that appear to be rooted in undermining the IOTA project. While the evidence is circumstantial, there were a variety of ways that the technical issues might have been addressed in order to protect and spare IOTA. In psychology, our creed is, “Do no harm!” This was obviously not the goal of the sensational headline and the language used in the report aired to the public. My only consolation is that there are times when in fear our adversaries complement us through their distortions and aggressions. We must then see in their actions the supreme complement and allow time and our best efforts to validate their fears. IOTA will be stronger, wiser, and better but only as we consider the words of Lord Barton, “I am sore wounded but not slain, I will lay me down and bleed a while, And then rise up to fight again.” Long live IOTA.

  4. Thank you for summing up the facts and providing careful, evidence-based analysis. The only question that remains is: Who is overseeing the “journalist” at Forbes and the academics at MIT who are not faculty, but still leverage the reputation of the world-renowned Institute? Respectable academics wouldn’t publish a piece in the way she did on Medium. Business school faculty wouldn’t do something so unprofessional, but it appears that Neha’s team exists as a stand-alone group at MIT. It makes one wonder: Who is overseeing what she does to protect the Institute from embarrassment, like the kind they are seeing now from such a wide range of people who know the crypto world? Even folks who own no IOTA and have only recently looked into it, are shocked by this clear attempt at smear IOTA. This all makes MIT look weak for not having better checks in place.

  5. Iota will have MANY uses, amazing tech, but it has the worst marketing and PR. They need to advertise IOTA as the ONLY fee-less p2p cryptocurrency. Once they correct their marketing and PR strategy, IOTA will jump

  6. you know why this bashing on iota is happening? because the ppl who do it actually are smart but realize . iota will render all their work out eventually. Andreas A dissappointed me realy though. he should be neutral and do research first.; he clearly isnt informed enough . Peter todd what does he know about cryptography realy? .. and MIT guys are just bias as fuck ofcourse.

  7. Hello, Linen. I agree with you, they just attacked the IOTA with the intention of devaluing it, they did not intend to present the vulnerability and allow the developers to discuss and submit the corrections, which were already made.
    I am grateful for your comments.

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisment ad adsense adlogger