Sentinel Chain ICO Investors' Personal Data Leacked

Shortly after the vulnerability discovered, Sentinel Team reported to police on the investor, who found the vulnerability
08 February 2018   466

Sentinel Chain startup launched its tokensale in the beginning of this week, but was forced to stop it immediatelly.

Soon after the start on February 5, it became known that due to the vulnerability in the system of identification of investors, their personal data, passport scans and details of correspondence leacked into the network.

At around 00:15 GMT, one of our registered Sentinel participants notified us of the vulnerability on our website.

All personal information submitted such as e-mail addresses, passwords or Ethereum public addresses, were encrypted on our database. However, a vulnerability on our registration site had allowed some of the uploaded files to be accessed by another registered user.
 

Roy Lai

CEO, Sentinel Chain

According to Sentinel, at least 15 participants attempted to take advantage of the vulnerability.

After our thorough investigations, we can confirm that this incident was an unintentional and accidental discovery. We have gained their compliance and co-operation to destroy the files. We have no evidence to suggest that this was a malicious attack.
As required by law and on the advice of our legal advisors, we also have notified the relevant authorities, government and law enforcement agencies.
At the same time, the team identified the 21 registered participants who have been affected by the incident. Over the past couple of days, I have been personally reaching out to them to assure them that we are taking all necessary steps to protect their personal information.
 

Roy Lai

CEO, Sentinel Chain

An ICO participant that spotted the vulnerability said in the Reddit message (now deleted, available at Web Archive) that organizers of ICO reported to police about him.

A couple hours later I received an e-mail from InfoCorp, the company that owns Sentinel Chain saying that they have notified the relevant authorities and that they are in consultation with their legal advisors on pursuing such unauthorised access to the maximum extent permitted at law including under the Computer Misuse and Cybersecurity Act (Chapter 50A). As a thank you for reporting the vurnability I got a police investigation.
 

notarealhacker at Reddit

Sentinel Chain intends to resume ICO on February 10. Despite the support of the Singapore fiinte-startup InfoCorp and cooperation with the well-known VeChain crypto currency project, this incident is likely to scare away potential investors. 

Сould you please attach your email address for us to send you the most interesting ICO's rating and reviews. No spam.

Centra Tech Inc. Co-Founder accused With Fraud by SEC

The US Securities and Exchange Commission (SEC) has charged Centra Tech Inc. co-founder, Raymond Trapani with ICO fraud  
25 April 2018   85

The charge came as the result of the SEC’s investigations into Centra’s controversial $32 million USD initial coin offering (ICO). Mr. Trapani is the third and final Centra co-founder to be accused for taking part in the ICO.

Raymond Trapani, a co-founder of Centra Tech Inc., has been charged by the SEC for his participation in “a fraudulent scheme connected with Centra’s 2017 ICO.” In 2017 Centra made headlines after enlisting celebrity approval from Floyd Mayweather and DJ Khaled. Two other firm`s co-founders, Sohrab “Sam” Sharma and Robert Farkas, were charged by officials earlier this month for their engagement  in the distribution of “CTR Tokens” to investors.

A changed variant of the SEC’s complaint demands that Trapani was the “mastermind of Centra’s fraudulent ICO,” with an SEC press release alleging that “Centra [was] marketed with claims about nonexistent business relationships with major credit card companies, fictional executive bios, and misrepresentations about the viability of the company’s core financial services products.” The SEC accuses Mr. Trapani and Mr. Sharma of “manipulat[ing] trading in the CTR Tokens to generate interest in the company and prop up the price of the tokens.”

We allege that the Centra co-founders went to great lengths to create the false impression that they had developed a viable, cutting-edge technology. 
Robert Cohen, Chief, SEC Enforcement Division’s Cyber Unit

 

The SEC has disclosed a text mail sent to Mr. Farkas and Mr. Trapani from Mr Sharma in what Mr. Sharma said to his colleagues “[w]e gotta get that s[***] removed everywhere and blame freelancers lol.” Mr. Trapani also demanded that Mr. Sharma “cook [him] up” a fraudulent document whilst the company was seeking to get CTR tokens listed on exchanges under misleading pretexts. Mr. Sharma replied to the request with “Don’t text me that s[***] lol. Delete.”

At the same time, the U.S. Attorney’s Office for the Southern District of New York has also looked for criminal accusations against Trapani. The SEC has revealed that text messages  jointly used between Centra’s co-founders discovered the scam purposes of the defendants.