Can you provide a link please? All I see in the comments to the researcher's piece is an IOTA advisor threatening a libel suit - a really good sign that they "really care" about their technical issues.
Ok. I've read it. Nowhere does it mention IOTA contacting the researchers in question in May.
This article also answers the wrong question. If the crytocurrency is not cryptographically secure all that stands between an attacker and a victim is a piece of malware or social engineering. The fact that the researchers didn't go all the way and document a specific attack that could be performed tomorrow does not mean that Curl was secure in practice.
Finally this continues to fail to address many salient points. Like why use trits? Why wasn't kekkac used from day one?
