IOTA

C+ Risk | D- Value | $10M TVL | $308M FDV | L1

Elevated risk — significant security history and radical architectural pivot to an unproven new system, combined with minimal ecosystem adoption after nearly a decade of development, create substantial uncertainty.

Top Risks

1. Extensive history of security incidents — IOTA has experienced the Curl hash function vulnerability (2017), Trinity wallet attack ($2M stolen, 2020, required network shutdown via Coordinator), and replay attack vulnerabilities, demonstrating a pattern of critical security issues in earlier iterations

2. Radical architectural pivot — IOTA Rebased (May 2025) abandoned the original Tangle/Coordinator architecture entirely, switching to Move-based DPoS with Mysticeti consensus. While addressing centralization, this is effectively a new chain with less than 1 year of production history in its current form

3. Minimal DeFi ecosystem — combined TVL of approximately $10M across IOTA and IOTA EVM chains after nearly a decade of development, indicating limited developer and user adoption despite repeated architectural reinventions

4. The IOTA Foundation's pivot from crypto ecosystem to global trade infrastructure ($35T market) represents a strategic departure from the DeFi and L1 competition, creating uncertainty about the network's positioning and developer focus

Frequently Asked Questions

Is IOTA safe to use?
IOTA receives a C+ risk grade (38/100) from Hindenrank, where lower scores indicate lower risk. Elevated risk — significant security history and radical architectural pivot to an unproven new system, combined with minimal ecosystem adoption after nearly a decade of development, create substantial uncertainty. IOTA is a distributed ledger originally designed for IoT micropayments using a novel DAG-based Tangle structure. After years of development challenges including critical security incidents (2017 Curl vulnerability, 2020 Trinity wallet hack requiring network shutdown), it underwent a radical transformation with the Rebased upgrade in May 2025, switching to Mysticeti DPoS consensus with Move smart contracts. Despite nearly a decade of development, its DeFi TVL remains minimal at approximately $10M. Its C+ grade reflects the significant security history, unproven new architecture, and limited ecosystem adoption, partially offset by the removal of the centralized Coordinator and active Foundation development.
What are the main risks of using IOTA?
The key risks identified for IOTA are: (1) IOTA has a history of critical security incidents including the 2017 Curl cryptographic vulnerability and the 2020 Trinity wallet exploit that required shutting down the entire network; (2) The Rebased upgrade in May 2025 fundamentally changed IOTA's architecture from Tangle to DPoS with Move smart contracts — this new system has less than 1 year of production history; (3) DeFi ecosystem is minimal at approximately $10M TVL after nearly 10 years of development, significantly lagging all competing L1 platforms; (4) High staking APY of 14.64% appears unsustainable relative to the network's minimal fee revenue, suggesting dependence on treasury or inflationary funding.
What is IOTA's risk score breakdown?
IOTA scores 38/100 across eight risk dimensions: Mechanism Novelty: 6/15, Interaction Severity: 5/20, Oracle Surface: 0/10, Documentation Gaps: 4/10, Track Record: 8/15, Scale Exposure: 5/10, Regulatory Risk: 3/10, Vitality Risk: 7/10. The highest risk area is Vitality Risk at 7/10.
How does IOTA compare to other L1 protocols?
Among 56 rated L1 protocols on Hindenrank, IOTA ranks #38 by safety (lowest risk score = safest). Its 38/100 risk score and C+ grade place it in the middle tier of L1 protocols.
Has IOTA ever been hacked or exploited?
IOTA scores 8/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.
Last scanned 2026-03-02