How would they respond to such an event? Are there guidelines for this?
I am not referring to the blockchain, but the centralized services around it that act as a gateway to transactions.
Is this something that has been thought about?
electroneum is tested by hackerOne
I haven’t yet seen anytask taskschool being tested there
2 Likes
Hi,
Unfortunately, this doesn’t answer the question, nor it seems to provide clarity to the issue. I do appreciate the added info however.
What I’m trying to assert is the procedures in place to handle such an event, not what might help mitigate its occurrence.
Thanks
Are you asking whether a document exists that details the steps that would be enacted if Electroneum Ltd. were to experience some form of data breach?
If so, I’d guess you will find these next to the copy your bank and utility company has provided you with.
I have no doubt that this has been discussed internally but details like this would never be shared outside some key individuals due to the sensitivity of what they would contain.
2 Likes
I see here “hacktivity” and responses by etn ltd.
https://hackerone.com/electroneum/hacktivity
I don’t know why should the internal “patching” processes be exposed. Is that you are asking for?
I think he is asking what happens to our coins if ETN the company got hacked or shut down. Richard has stated in the past that if in the event something happens to ETN as a company the coins and the block chain would still survive such an event.
1 Like
I think that in the worst case scenario, all coins in the web wallet could be lost as we dont have any keys for them.
I also wonder whether there is a failsafe built into the moderated element of the blockchain to remove the approved miner filter so anyone would be able to continue the blockchain.
I suppose all of these uncertainties are part of the benefits of being an early adopter; with great risk comes great reward.
Well first of all it’s been stated by Richard more than once that something like 85% of ETN is held in a cold storage system and that cold storage system is robust requiring something like 5-6 keys to access…so even if 3 team members who held keys were kidnapped or something happened it woud be difficult to acess the cold storage for anyone attempting to steal the ETN held in cold storage.
I’m just going on memory, so I may be off a little. He also said something about it when talking about the system upgrades, ya know when they switched servers and all those system upgrades. Something about a new dynamic cold storage system that could adjust and compensate for increaed transaction demands. IF say more than 15% needed to be made available to conduct daily transactions.
The point is that at no time is 100% of the ETN available to get hacked.
So I have no idea what your going on about and trying to stir up.
2 Likes
That starts at the timestamp of what I was talking about .
The virtualization upgrade talk starts at around 15:04.
So basicaly they have a globalized cold storage system that covers the entire wallet system globaly, not just individually and the system can monitor for increase in transaction spikes and alert the team that they need to pull more out of cold storage. Then it requires 3 of 8 keys to do it. If of course that’s what they stuck with in the end. Things could have changed a little. But global cold storage exists, no doubt.
1 Like
keep them in paper wallet …
RE stated that they are still working with Hackerone not to long ago. I will be absolutely shocked if they were not doing penetration testing.
I asked Hacker1 support. no reply yet
2 Likes
I got answer from Hackerone:
"
Thanks for reaching out about the Electroneum page. It could be that they have requested to be removed from the Directory or they have a private program. If you would like to submit a report to them you may want to try submitting through Disclosure Assistance: https://docs.hackerone.com/programs/disclosure-assistance.html
The Disclosure Assistance team makes a best effort to reach out to a company on behalf of you the hacker to see if we can get them to review the report. If the company does communicate back the team will then update you to let you know what the company said.
I apologize for any inconvenience.
Best,
Megan | HackerOne Support
"
2 Likes
