Sentinel Chain, a platform that is the midst of a token sale, announced last week that a vulnerability had been uncovered that exposed sensitive user info. Founder and CEO Roy Lai, posting on Medium, shared the problem to the Sentinel Chain community;
“… one of our registered Sentinel participants notified us of the vulnerability on our website. All personal information submitted such as e-mail addresses, passwords or Ethereum public addresses, were encrypted on our database. However, a vulnerability on our registration site had allowed some of the uploaded files to be accessed by another registered user. Upon that discovery, we promptly took our server offline. As soon as it became evident and we were certain that sensitive identification information could have been exposed, we notified the community immediately. Due to the sensitivity of the situation, our first priority was mitigation and containment, followed immediately by conducting an investigation to determine the scope of the matter.”
Lai continued to explain the damage was relatively minor as only 21 registered participants were affected by the incident. Lai said the people who gained access to the user information had done so by accident. None the less, law enforcement was contacted to notify them of the issue. Better to be safe than sorry.
The Sentinel Chain problem appears to have a happy ending but it leads to a bigger question. With most all legitimate (and some not so much) initial coin offerings (ICO) now pursuing Know Your Customer (KYC) and anti money laundering (AML) compliance actions – how secure are these processes?
When you register to participate in an ICO you may need to hand over copies of your passport and / or other personal information. Identity theft is big business. Who hasn’t had their credit card information stolen at one time or another. Do you really want to be sharing this type of info to prove who you are without having confidence the information is truly secure? There have been far too many exchange hacks where hundreds of millions of dollars have been pilfered. Do you really think your personal information is safe in the hands of some of these token issuers? Not all ICOs have the same level of security.
Now, the good news is there are emerging services that provide identity verification in a secure manner. Over time, KYC / AML should be a simplified, secure and fast process without putting your personal information at risk. ICOs are becoming regulated securities offerings and this means a high standard of compliance to sell these tokens online. It is just going to happen. But in the interim, until the dust settles, it is best to be cautious with your personal information.
Have a crowdfunding offering you'd like to share? Submit an offering for consideration using our Submit a Tip form and we may share it on our site!