Comprehensive AML and KYC Security Measures at FANTOM

1 jQ5AK2M 9bqNRtRROWT54Q

FANTOM’s AML and KYC Security Procedures

Recently, there have been rumors circulating about the security of FANTOM’s AML and KYC details, including allegations of compromised information such as dates of birth, selfies, and passports.

Rest assured, no user data collected from FANTOM’s systems has been compromised.

Individuals applying to join the whitelist for the crowdsale were required to provide specific details, including uploading copies of their passports. This information was crucial for successfully completing the AML and KYC processes, which were verified through our trusted third-party provider, Cynopsis—a leading technology solution provider for regulatory compliance in financial and professional services.

The whitelist data collected by FANTOM—comprising names, emails, selfies, and ID documents—for AML and KYC purposes remained secure and was never compromised by our systems. All data stored in our systems was securely encrypted (AES-256 and SHA-512) and promptly deleted after the whitelisting process concluded.

FANTOM conducted an internal security review that confirmed no signs of data leakage or breaches.

It’s important to remain vigilant against fake FANTOM websites or emails that attempt to deceive users, as these are beyond our control and may be attempts at fraud.

FANTOM’s Data Management and Security Procedures

  • All data submitted on FANTOM’s whitelisting page was encrypted using AES-256 and SHA-512.
  • AES-256: This encryption standard, also utilized by entities like the National Security Agency (NSA), ensures robust data protection.
  • SHA-512: A widely trusted Secure Hash Algorithm used globally for data integrity and security.

Upon form submission, user data was encrypted and securely transmitted via a POST request to an Amazon S3 database accessible only through an IP address restricted to FANTOM’s office. The only plaintext stored was the “nickname” field.

The whitelisting page password was encrypted using RSA public-key cryptography, with the private key stored securely offline on a single local PC within FANTOM’s office.

Selfies and passport images were encrypted using AES-256, with decryption only possible offline using the randomly changing private key securely stored in FANTOM’s office.

For a breach to occur, an attacker would need to access our database server from FANTOM’s office IP address and physically obtain the private key.

We appreciate your ongoing support.

https://medium.com/fantomfoundation/fantoms-aml-and-kyc-security-procedures-2d0b1c1a9c9f