Sentinel Chain startup launched its tokensale in the beginning of this week, but was forced to stop it immediatelly.
Soon after the start on February 5, it became known that due to the vulnerability in the system of identification of investors, their personal data, passport scans and details of correspondence leacked into the network.
At around 00:15 GMT, one of our registered Sentinel participants notified us of the vulnerability on our website.
All personal information submitted such as e-mail addresses, passwords or Ethereum public addresses, were encrypted on our database. However, a vulnerability on our registration site had allowed some of the uploaded files to be accessed by another registered user.
CEO, Sentinel Chain
According to Sentinel, at least 15 participants attempted to take advantage of the vulnerability.
After our thorough investigations, we can confirm that this incident was an unintentional and accidental discovery. We have gained their compliance and co-operation to destroy the files. We have no evidence to suggest that this was a malicious attack.
As required by law and on the advice of our legal advisors, we also have notified the relevant authorities, government and law enforcement agencies.
At the same time, the team identified the 21 registered participants who have been affected by the incident. Over the past couple of days, I have been personally reaching out to them to assure them that we are taking all necessary steps to protect their personal information.
CEO, Sentinel Chain
An ICO participant that spotted the vulnerability said in the Reddit message (now deleted, available at Web Archive) that organizers of ICO reported to police about him.
A couple hours later I received an e-mail from InfoCorp, the company that owns Sentinel Chain saying that they have notified the relevant authorities and that they are in consultation with their legal advisors on pursuing such unauthorised access to the maximum extent permitted at law including under the Computer Misuse and Cybersecurity Act (Chapter 50A). As a thank you for reporting the vurnability I got a police investigation.
notarealhacker at Reddit
Sentinel Chain intends to resume ICO on February 10. Despite the support of the Singapore fiinte-startup InfoCorp and cooperation with the well-known VeChain crypto currency project, this incident is likely to scare away potential investors.