A few hours ago I learned that another ICO was (partially) hacked and information has been stolen. This is a major red flag for me, if they can't create a secure website I don't have enough confidence in the team to go forward with their ICO and invest in them.
In a statement from Sentinel Chain the CEO states that they paused KYC registration and are currently investigating what happened, how it happened and what the exact damage is of the breach.
Dear supporters of Sentinel,
As you might have heard, the team had reasonable suspicion that the data on our site may have been compromised during the KYC registration process a few hours ago. The team is currently investigating if certain information, including names, residence addresses, phone numbers, email addresses and documents could have been compromised.
We are conducting a thorough review of the site. We have put KYC registration on hold until the site review is complete.
Our top priority is taking care of you and helping you feel confident about participating in our campaign, and it is our responsibility to protect your information during this process.
We didn’t live up to that responsibility, and I am truly sorry.
Please know we moved as swiftly as we could to address the problem once it became known, and that we are actively taking steps to respond to your concerns and guard against something like this happening again.
I know this issue has created a great deal of confusion and frustration. I share those feelings. You expect more from us and deserve better.
We want to earn back your trust and confidence and ensure that we deliver the experience you know and love.
We are determined to make things right, and we will.
CEO, Sentinel Chain
It's not the first time a project their website was hacked whilst nearing their ICO, however this particular case points out the real need for secure KYC solutions. And coincidence or not, but there's a project, Bridge Protocol, that's about to launch their ICO to solve exactly this use case.
Users will no longer have to upload their documents to multiple platforms and service providers. Through a one-time process with Bridge, they'll be able to create a wallet which they can then use to sign contracts and enter into legally-binding agreements.
The Identity Management System (IMS) will hold only vague non-sensitive information about the person and will be used to flag suspicious transactions. Bring Your Own Key capabilities will also allow users to generate and submit their own encryption key, putting them in full control of their information.
Really looking forward to this project, read more about it in my more in depth analysis here.
Update 05 February, 2018 12:15 UTC
In an updated statement Sentinel Chain informed their community through Telegram that only a small handful of users (not sure how many that is exactly) is affected by the breach and the individuals that did it have no malicious intent and are working together with them. They will reach out to everyone affected and resume KYC shortly.
Hi everyone, thank you for your patience - we are still in the midst of our investigation. At this point, we can confirm that only a small handful of users were affected. Roy will be personally contacting them to address the situation.
We have also managed to identify the individuals who have gained unauthorised access to the data/documents, and have been in touch with them. They have no malicious intent and have been cooperative in the matter. This was an unintentional discovery and we are grateful that our supporters have been very understanding.
We would like to ensure the re-launch of the KYC registrations goes smoothly - we hope that our supporters will continue to be with us in achieving our goal in serving the unbanked. Big thanks to everyone who has been cooperative and reached out to us to offer their help!