A Singapore-based cryptocurrency startup allegedly called on police to report against a bug hunter who pointed out the vulnerability in design due to which it was leaking sensitive user’s data such as Passport details and email addresses.
Sentinel Chain which kicked off its initial coin offering (ICO) on Monday was forced to shutdown the token sale after the glitch was reported, however, apparently not before it booked an FIR against the Samaritan.
A Reddit user u/notarealhacker, in a (now deleted) post said, “I received an e-mail from InfoCorp, the company that owns Sentinel Chain saying that they had notified the relevant authorities and that they were in consultation with their legal advisors on pursuing such unauthorised access to the maximum extent permitted at law including under the Computer Misuse and Cybersecurity Act (Chapter 50A).”
“As a thank you for reporting the vulnerability I got a police investigation,” the user further added.
The CEO of the startup, Roy Lai in a Medium post accepted that the vulnerability which was allowing anyone to see uploaded data by its users was reported within 10 minutes of the start of the token sale.
“All personal information submitted such as e-mail addresses, passwords or Ethereum public addresses, were encrypted on our database. However, a vulnerability on our registration site had allowed some of the uploaded files to be accessed by another registered user,” Lai wrote.
He further said that at least 15 users had got access to the data of 21 registered participants. The company has notified the relevant authorities, government and law enforcement agencies about the breach.
Before buying a token, a buyer has to submit some KYC documents such as of photos of the passport, a selfie with the passport and proof of residence. The company notified on its Telegram channel that the KYC registration will resume on Saturday.
On Friday, the company also notified that it had surpassed its pre-sale goals and had raised USD 6.4 million already.
The Sentinel Chain seeks to “empower the unbanked economy” by raising funds through the ICO. It aims to establish livestock provenance through the creation of livestock insurance on the blockchain.