How would Electroneum respond to a hack?

How would they respond to such an event? Are there guidelines for this?

I am not referring to the blockchain, but the centralized services around it that act as a gateway to transactions.

Is this something that has been thought about?

Electroneum is tested by HackerOne.

I haven’t yet seen anytask taskschool being tested there

2 Likes

Hi,

Unfortunately, this doesn’t answer the question, nor does it seem to provide clarity to the issue. I do appreciate the added info however.

What I’m trying to assert is the procedures in place to handle such an event, not what might help mitigate its occurrence.

Thanks

Are you asking whether a document exists that details the steps that would be enacted if Electroneum Ltd. were to experience some form of data breach?

If so, I’d guess you will find these next to the copy your bank and utility company has provided you with.

I have no doubt that this has been discussed internally but details like this would never be shared outside some key individuals due to the sensitivity of what they would contain.

2 Likes

I see here “hacktivity” and responses by etn ltd.
https://hackerone.com/electroneum/hacktivity

I don’t know why the internal “patching” processes should be exposed. Is that what you are asking for?

I think he is asking what happens to our coins if ETN the company got hacked or shut down. Richard has stated in the past that if in the event something happens to ETN as a company the coins and the block chain would still survive such an event.

1 Like

I think that in the worst case scenario, all coins in the web wallet could be lost as we don’t have any keys for them.

I also wonder whether there is a failsafe built into the moderated element of the blockchain to remove the approved miner filter so anyone would be able to continue the blockchain.

I suppose all of these uncertainties are part of the benefits of being an early adopter; with great risk comes great reward.

The pre-mined coins are held in cold storage by a third party, so they are safe. I assume you are referring to the wallet system?

Well of course anything online has a chance of being compromised, even with industry standard protection, infrastructure and Hackerone pen testing since 2017. That’s why the team always remind users to use cold storage for holding coins and only keep what you wish to use on your online wallet.

The current setup of the system lends itself to protection through complexity as unlike most exchanges which have a single hot wallet for all coins, the ETN system has separate wallets for each user… which would make accessing the millions of accounts after a breach one-by-one on cryptonight a HUGE undertaking… but that’s still not 100% safe.

So what about moving forward? Well the team have discussed options they are working on, including a change in setup to include hot and cold wallets. … there are also other options being considered which are not in the public domain yet.

Worrying about your funds is a very wise thing for everyone to do. The Electroneum wallets are very secure, but we should all use paper wallets (and hard wallets once available) to store our coins. Once future changes are in place to further mitigate risk, then people can reconsider their position.

11 Likes

Well first of all it’s been stated by Richard more than once that something like 85% of ETN is held in a cold storage system and that cold storage system is robust requiring something like 5-6 keys to access…so even if 3 team members who held keys were kidnapped or something happened it would be difficult to access the cold storage for anyone attempting to steal the ETN held in cold storage.

I’m just going on memory, so I may be off a little. He also said something about it when talking about the system upgrades, ya know when they switched servers and all those system upgrades. Something about a new dynamic cold storage system that could adjust and compensate for increased transaction demands. If, say, more than 15% needed to be made available to conduct daily transactions.

The point is that at no time is 100% of the ETN available to get hacked.

So I have no idea what you’re going on about and trying to stir up.

2 Likes

That starts at the timestamp of what I was talking about.

The virtualization upgrade talk starts at around 15:04.

So basically they have a globalized cold storage system that covers the entire wallet system globally, not just individually, and the system can monitor for increases in transaction spikes and alert the team that they need to pull more out of cold storage. Then it requires 3 of 8 keys to do it. If of course that’s what they stuck with in the end. Things could have changed a little. But global cold storage exists, no doubt.

1 Like

keep them in paper wallet …

the page hackerone.com/electroneum doesn’t exist anymore.
Do you have any info why?

No idea. I looked not all that long ago and the bounty was still live. Perhaps they have removed their managed status, or maybe moved to another platform, or perhaps in the middle of doing something as part of anytask.

:man_shrugging:

2 Likes

RE stated that they are still working with HackerOne not too long ago. I will be absolutely shocked if they were not doing penetration testing.

I asked HackerOne support. No reply yet.

2 Likes

I got an answer from HackerOne:

"
Thanks for reaching out about the Electroneum page. It could be that they have requested to be removed from the Directory or they have a private program. If you would like to submit a report to them you may want to try submitting through Disclosure Assistance: https://docs.hackerone.com/programs/disclosure-assistance.html

The Disclosure Assistance team makes a best effort to reach out to a company on behalf of you the hacker to see if we can get them to review the report. If the company does communicate back the team will then update you to let you know what the company said.

I apologize for any inconvenience.

Best,
Megan | HackerOne Support
"

1 Like