Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
In the recent referendum on constitutional reform, 1.14 million Russians voted through the blockchain platform, but their data has been made public on the Internet and can be accessed directly from state-owned servers. Election officials Shared a ZIP file containing id card information, passport Numbers and other passport information of people who voted on the blockchain platform, sources said. The ZIP file is stored on a government website. The files are free and can be downloaded by anyone at any given time. In addition, the files are password-protected, though the passwords are not very strong. Meanwhile, there are other problems with the blockchain voting platform, such as a loophole for partial repeat votes. Attack method (per SlowMist): Information Leakage. Reported loss: -.
- chain
- —
- protocol
- Russian blockchain voting platform
- bug_class
- unknown
- date_occurred
- 2020-07-10
- loss_usd
- —
- source_id
- sm:russian-blockchain-voting-platform::2020-07-10