TL;DR of this post:
Never use IOTA. Ever. The developers broke every "good practice" they could find and built a coin that's centralized and insecure by design. Please be *extremely* careful when investing your money. Do not spend more than you're willing to lose.


Cryptocurrencies are popular like never before. I've been following Bitcoin and some of it's offsprings since early 2012, but this year was just amazing. It seems like more and more people finally understand that "magical computer money" can (and should) have real-world value.

One of the coins that surf on this hype-wave is IOTA.
If you don't know this coin yet click here.


A few weeks ago a coworker told me about IOTA. He said it was a new, fancy, revolutionary coin that will disrupt the market. It was apparently partnered with major companies like Telekom, Microsoft, Fujitsu and more.

Then he went on:
"It has zero fees".
"Also no need for mining".
"They use a better blockchain"

I was shocked and excited at the same time.
This IOTA-thingy did sound pretty cool, but the "upsides" my coworker mentioned raised some pretty big questions for me:

You get the gist.
This coin just seemed too good to be true.

The "Tangle"

Before talking about concerns, let's explore how IOTA (basically) works.

The Tangle is a directed acyclic graph (DAG).
"Directed acyclic graph" sounds horribly complicated, but it's basically nothing more than a graph that follows a certain "flow" (hence "directed") and guarantees that "walking" along the paths and connections will never end up in loops ("acyclic").

Let's take a look at an example-tangle:

As you can see, the Tangle is basically an "exposed blockchain". Instead of wrapping multiple transactions into blocks which point to the parent block (hence building the "chain"), they just insert the transactions directly and make them point to two other (random) transactions. This generates the ever-growing "ledger-tree" over time.

When a node has chosen two previous transactions, it verifies them by checking their proof-of-work hash and making sure that they don't build upon a double-spend. To choose which branch to attach a transaction to, the node uses a MCMC-based algorithm. As long as the majority of other nodes does the same, the tips will then diverge into the same direction.

Ok, cool concept.
But does it work?

The answer is: "kinda". With a lot of strings attached.

Concern #1 - Missing dev knowledge

This is probably my most important point.

It seems that the IOTA developers did not think very much about the network that will power the coin on the long run.

One extremely important part of developing a decentral system is that an average user should be able to fully participate in the network at all times.

This means that your system should expect to run on low bandwidth, slow CPUs, low memory and "small" harddrives.

A very common misunderstanding of Bitcoin is that it only has a 1mb blocksize because it's running on old technology and/or lead by stubborn developers and pool operators. In reality this blocksize is a self-imposed limit to stay in the the aforementioned restrictions.

Bitcoin has used this limit for many years and the only thing consumers need to fully participate in the network is ~150GB of HDD storage. Storage is extremely cheap. The decentralisation promises still stand.

Cryptocurrencies that disrespect these basic rules are very prone to centralisation because they will inevitably reach a point where the average consumer can only use "light wallets" which don't actually participate in the network.

Back to IOTA:
The Tangle does not come with any rules regarding the transaction influx or size. It is thus safe to assume that IOTA will require very fast internet and CPUs (in addition to a lot of HDD space) once it's adopted by more and more people and devices. It will thus become more and more centralised to some few "full nodes" over time.

Also keep in mind that IOT devices are usually connected to the net with low-data cell connections or low-priority shares of consumer-level ADSL. This means that the TARGET AUDIENCE of IOTA will never be able to run a full node. That is a HUGE design fail and should be a red flag for any user.

Concern #2 - Security

IOTA is utterly insecure on a small scale

The way the Tangle works means that IOTA needs at least 67% of "honest full nodes" in it's network at all times. Once an attacker manages to get more than 33% of the network's hashrate, he can build a sufficiently large and correctly linked "sub-tangle" that may double-spend money.

The IOTA concept does not have a good solution to this obvious problem.

Their current workaround is "The Coordinator"

It's a central point of trust (and failure) in the network that's run by the IOTA Foundation. It centrally directs the path of the DAG by creating "milestones" that all nodes blindly treat as a "everything before this is valid" entry.

This should be another HUGE red flag.

The IOTA Foundation could (in theory) double-spend their ICO-share or any other balance because all nodes will blindly trust the Coordinator which they control.

If the private key of the Coordinator is ever leaked, anyone can do this.

Concern #2.1 - The Coordinator

IOTA is actually insecure and centralised by design

Even though IOTA announced that the Coordinator will become optional at some point, there is no chance that they will ever be able to actually do that.

Quote of IOTA co-founder (link):

Digital signatures are verified by every computer in IOTA network, if a signature passes the verification routine then it’s, PROBABLY, valid. To make sure that the signature is indeed valid the computer waits for the transaction containing the signature to be referenced by a milestone.

This is bad. REALLY bad. But it gets worse:

I changed the number of rounds to allow practical collisions. With Coordinator, IOTA’s security depends on one-wayness of Curl-P. Without Coordinator the security depends on collision resistance. IOTA is unaffected by collisions in Curl-P, scam-driven clones are.

If IOTA ever decides to shut the Coordinator down, the "copy-protection" of Curl-P will start to work against them by enabling hash-collisions until they invent a new crypto that isn't intentionally insecure.

It also shows us how IOTA devs think about open-source. They do not want to be forked and do everything in their power to prevent code-reuse. It's basically a "look but don't touch" project.

Concern #3 - Bad technical judgement

404 - real world not found

One of the first things you'll learn when exploring IOTA is that they use a base-3 numeral system (-1, 0, 1) instead of binary (0, 1). The authors frequently claim that this decision was a good choice and have various arguments they'll throw at you if you question them.

It basically boils down to:

In the context of IOTA, these arguments are bullsh*t.

IOTA claims to be the "backbone of IOT".
The IOT consists of millions of existing devices and will not switch away from cheap binary processors for forseeable amounts of time. Also the whole internet works with binary communication on the lowest level.

Devices running IOTA will always need to convert back-and-forth multiple times when computing anything remotely relevant. IOTA has thus decided that a coin that's DESIGNED to run on small, limited and legacy IOT-devices should be developed with a higher focus on tidyness than performance.

Of course using ternary instead of binary required the IOTA devs to reinvent the most basic things for their system, like cryptographic functions. The basic rule to cryptography is: NEVER roll your own. Yet they felt confident enough to break this rule. Not much later a team of researchers broke the algo.

This all makes IOTA look like a project of some students who have absolutely zero knowledge about the real-world situation they're developing for, with no slightest bit of insight or openness to more experienced people.

Concern #4 - Money Origin

IOTA does not "need" mining because it is 100% premined

Yes you read that right.
Every single one of the 2,779,530,283,277,761 IOTA that can ever exist has been premined in the genesis-transactions. They were then all sold in an "Initial Coin Offering" (ICO).

You cannot get IOTA without buying them from someone else.

Concern #5 - The Code

The mainstream is good, right?

IOTA's reference implementation is written in Java.
I repeat: JAVA.
For a thing that needs to be fast and secure.

Oh and the wallet is an Electron/NodeJS "app".
It's a single JavaScript file with ~2.5k lines of code.

It also features a whopping 500+ open issues related to magically disappearing IOTA balances or coins that got "taken custody" by the foundation.

There are no styleguides or tests in either repo and every single CI build has failed because they don't care to write a correct .travis.yml.

So yeah. That's that.
Final rating: 💩/10.

Concern #6 - Marketing

IOTA uses misleading marketing strategies to convince the "broad mass".

You'll frequently see "concepts" like this or this. If you're looking at them without rose-tinted glasses, you'll notice that all of these fancy "machine to machine" things work with ANY form of non-physical money.

Yes. Any.
You could even realize this with goddamn PayPal.

IOTA also likes to announce "partnerships" with major tech companies. As it turns out, these major companies never really partnered with IOTA. They are just ""interested"" in the IOTA Marketplace where sensor-data can be sold and bought. Not more, not less.

As it turns out, the most important purpose of IOTAs marketing is to keep up the hype bubble. Sadly this seems to work quite well. The community and markteing are actively working against criticism by declaring negative opinions as FUD. They even have a #anti-fud channel on their Slack where such opinions get posted to "warn" the fans. I wonder if my post will pop up in there :thinking:

My Reaction to all this


You should not use IOTA.
Even if you don't care about centralization or security, please keep in mind that using the "hype-bubble" of IOTA to make money supports this utterly flawed coin. We're better off without it.

Stop this madness.
Invest in something safe.