Sentinel Chain ICO Investors' Personal Data Leacked

Shortly after the vulnerability discovered, Sentinel Team reported to police on the investor, who found the vulnerability
08 February 2018   1381

Sentinel Chain startup launched its tokensale in the beginning of this week, but was forced to stop it immediatelly.

Soon after the start on February 5, it became known that due to the vulnerability in the system of identification of investors, their personal data, passport scans and details of correspondence leacked into the network.

At around 00:15 GMT, one of our registered Sentinel participants notified us of the vulnerability on our website.

All personal information submitted such as e-mail addresses, passwords or Ethereum public addresses, were encrypted on our database. However, a vulnerability on our registration site had allowed some of the uploaded files to be accessed by another registered user.
 

Roy Lai

CEO, Sentinel Chain

According to Sentinel, at least 15 participants attempted to take advantage of the vulnerability.

After our thorough investigations, we can confirm that this incident was an unintentional and accidental discovery. We have gained their compliance and co-operation to destroy the files. We have no evidence to suggest that this was a malicious attack.
As required by law and on the advice of our legal advisors, we also have notified the relevant authorities, government and law enforcement agencies.
At the same time, the team identified the 21 registered participants who have been affected by the incident. Over the past couple of days, I have been personally reaching out to them to assure them that we are taking all necessary steps to protect their personal information.
 

Roy Lai

CEO, Sentinel Chain

An ICO participant that spotted the vulnerability said in the Reddit message (now deleted, available at Web Archive) that organizers of ICO reported to police about him.

A couple hours later I received an e-mail from InfoCorp, the company that owns Sentinel Chain saying that they have notified the relevant authorities and that they are in consultation with their legal advisors on pursuing such unauthorised access to the maximum extent permitted at law including under the Computer Misuse and Cybersecurity Act (Chapter 50A). As a thank you for reporting the vurnability I got a police investigation.
 

notarealhacker at Reddit

Sentinel Chain intends to resume ICO on February 10. Despite the support of the Singapore fiinte-startup InfoCorp and cooperation with the well-known VeChain crypto currency project, this incident is likely to scare away potential investors. 

Binance to Conduct Unplanned BTT Airdrop

"One tester inadvertently clicked an airdrop button for BTT" as head of the exchnage reported
20 February 2019   102

Binance, the largest cryptocurrency exchange, inadvertently implemented BitTorrent airdrop. Because of this, the wallets of some users of the trading platform were replenished with BTT tokens.

While doing testing for Fetch.ai , one tester inadvertently clicked an airdrop button for BTT, giving some BTT launchpad buyers extra BTT tokens. We are resolving the issue now. No other people are affected.
 

Changpeng Zhap

CEO, Binance

One commentator joked that getting some extra tokens is not a problem at all. The head of Binance answered him that this question is now being resolved and, most importantly, all means are safe. Another Twitter commentator joked that he inadvertently pressed the Sell button and sold BTT tokens very cheaply. 

Also today, Changpeng Zhao reminded that only one day remained before the launch of the test network of the decentralized Binance DEX exchange.