Sentinel Chain ICO Investors' Personal Data Leacked

Shortly after the vulnerability discovered, Sentinel Team reported to police on the investor, who found the vulnerability
08 February 2018   930

Sentinel Chain startup launched its tokensale in the beginning of this week, but was forced to stop it immediatelly.

Soon after the start on February 5, it became known that due to the vulnerability in the system of identification of investors, their personal data, passport scans and details of correspondence leacked into the network.

At around 00:15 GMT, one of our registered Sentinel participants notified us of the vulnerability on our website.

All personal information submitted such as e-mail addresses, passwords or Ethereum public addresses, were encrypted on our database. However, a vulnerability on our registration site had allowed some of the uploaded files to be accessed by another registered user.
 

Roy Lai

CEO, Sentinel Chain

According to Sentinel, at least 15 participants attempted to take advantage of the vulnerability.

After our thorough investigations, we can confirm that this incident was an unintentional and accidental discovery. We have gained their compliance and co-operation to destroy the files. We have no evidence to suggest that this was a malicious attack.
As required by law and on the advice of our legal advisors, we also have notified the relevant authorities, government and law enforcement agencies.
At the same time, the team identified the 21 registered participants who have been affected by the incident. Over the past couple of days, I have been personally reaching out to them to assure them that we are taking all necessary steps to protect their personal information.
 

Roy Lai

CEO, Sentinel Chain

An ICO participant that spotted the vulnerability said in the Reddit message (now deleted, available at Web Archive) that organizers of ICO reported to police about him.

A couple hours later I received an e-mail from InfoCorp, the company that owns Sentinel Chain saying that they have notified the relevant authorities and that they are in consultation with their legal advisors on pursuing such unauthorised access to the maximum extent permitted at law including under the Computer Misuse and Cybersecurity Act (Chapter 50A). As a thank you for reporting the vurnability I got a police investigation.
 

notarealhacker at Reddit

Sentinel Chain intends to resume ICO on February 10. Despite the support of the Singapore fiinte-startup InfoCorp and cooperation with the well-known VeChain crypto currency project, this incident is likely to scare away potential investors. 

Сould you please attach your email address for us to send you the most interesting ICO's rating and reviews. No spam.

Tezos Bug to Slow Down the Network in 20 Times

The issue looks fixed now and Tezos network works in the standard transmission mode
25 September 2018   163

In the main network of the Tezos block project, a bug was discovered one week after its official launch. According to tzscan.io, on August 24, due to the vulnerability, the release time of the blocks increased from 1 to 20 minutes.

Tzscan.io
Tzscan.io

The user of the service for hosting IT projects GitLab under the nickname "Jérémie" reported on block freezing for 45 minutes. Later in Riot chat he learned that developers are aware of the problem and they are working on its solution.

Bug between the baker and the node. The two communicate over json but the json serializer incorrectly handled some control characters. Immediate fix was to patch the serializer. Medium term fix is that the baker and node really should communicate using the binary RPCs instead.
 

murbard at Reddit

Soon after the discovery of the bug, one of the developers posted an urgent fix at GitHub, which was proposed to be installed by all the bakers. Currently the Tezos network operates in normal mode, and the units are released every minute.

As of September 25, 08:00 UTC network of Tezos worked in the standard transmission mode - 1 block per 1 minute