This is a message from Annika Monari and Alan Vey, the founders and directors of Aventus. We are writing to address the Aventus Presale Phishing Attempt, which harmed us and our community as a whole.

As many of you know, last night at around 22:20 BST a login to our Mailchimp account from IP: 176.126.252.3 in Bucharest, Romania occurred, and a fraudulent email was sent out about an illegitimate Aventus Presale, phishing for contributions to a hacker’s address. Disgracefully, the hacker was able to obtain about 39 ETH at the point of writing from around 15 of our community members (Note some of these transactions are likely the hackers themselves). The hackers had access to our mailing list, but the only sensitive information they got was our community’s email addresses. One of our employee’s accounts was not sufficiently protected and was compromised, which is how the hackers managed to access MailChimp. Given the strict internal security policy at Aventus, the individual had restricted access to everything, which is why the situation was limited to MailChimp and could be quickly rectified by us within 20 minutes.

By 22:40, we had handled the situation and locked out the hackers. By then we had been in touch with Mailchimp and changed all of our passwords and 2FA settings on all other Aventus accounts. We sent out a follow up email that stated that the previous email was a scam to our entire mailing list warning them not to contribute funds, and we answered every email and Slack question that came in and confirmed that the scam was indeed a scam. We had also deleted the compromised employee’s access to all Aventus accounts. We can confirm that all other sensitive information and Aventus accounts remained completely secure and untouched by the hack.

Our community members did an excellent job of mitigating the damage done from the attack; from 22:20, our community took the lead. We received numerous emails and warnings on Slack about the phishing attempt in our #link-duedilligence channel, and people already started working to track down the perpetrators. We would like to thank you all so much for helping us and standing by us when times got tough; we are immensely grateful for the actions of our growing community.

Alan and Annika, the founders of Aventus, are taking full responsibility for what has happened. We are extremely sorry for the pain we have caused some of you. We value our community above everything so to us there is nothing worse than some of our loyal members and newer crypto enthusiasts being taken advantage of by malicious and cowardly actions such as those last night. We will be restoring all stolen funds in this recent scam attempt provided you can prove being in the community for a while and are not part of the hack and the transaction was sent before the release of the second email confirming the SPAM (about a 30 min window); we have already been in direct contact with some of the individuals who lost funds, but if you have not been in touch yet please email us at tokensale@aventus.io with information about yourself and your transactions so we can refund your loss.

This is a huge lesson to us all. We have been working around the clock to ensure a new, extremely high standard of security, which we will outline below:

None of Aventus’ email accounts, social media accounts, or servers were compromised; only Mailchimp, and that is how they were able to send an email looking like “info@aventus.io”. We have deleted our Mailchimp account and created a new one from scratch with a password adhering to the highest security standards stored offline, 2FA and only Alan and Annika have access to it.

Since email, or more formally SMTP does not validate the “from” address, it is possible for anyone to send an email looking like it came from any address, such as info@aventus.io or even admin@google.com. Therefore, we will be accompanying every official email with 3 sources of proof; (1) a tweet confirming the email; (2) a post on our blog, and (3) a Youtube video linked in the email, where Alan or Annika will read out a random string of characters contained at the top of every email. We will NEVER ask for any contributions via email.

We will ask for any contributions via email. Our token sale address will never be sent via email. We will be releasing it today via 5 sources of proof (some of these we have been mentioning for weeks now):

(1) You will be able to look up Aventus.eth on etherscan.io which uses the Ethereum Naming Service for complete security. This will be our token sale address;

(2) in a tweet on our official Twitter account;

(3) #announcement channel in Slack;

(4) a video recording of us reading our the address;

(5) A blog post.

Please do not send any funds to any address other than after you have cross-checked at least 3 of these sources of truth.

We will be releasing it today via 5 sources of proof (some of these we have been mentioning for weeks now): (1) You will be able to look up Aventus.eth on etherscan.io which uses the Ethereum Naming Service for complete security. This will be our token sale address; (2) in a tweet on our official Twitter account; (3) #announcement channel in Slack; (4) a video recording of us reading our the address; (5) A blog post. Please to any address other than after you have cross-checked at least 3 of these sources of truth. We have rechecked the MetaCert config on our Slack team and will be using it to monitor all phishing attempts. Tomorrow, on Monday September 4th we will also be disabling all communication on our Slack team; only the #announcement channel will be accessible and this will only contain official statements from Alan and Annika. To get in touch please email tokensale@aventus.io or tweet us @AventusSystems.

We have changed all passwords and increased their difficulty 10 fold. We also have 2 factor authentication enabled on every account possible. Until the token sale ends, no account sharing, even through password managers, will occur. We have even higher security protocols internally for our employees to adhere to, which of course we will not be disclosing publicly.

Thank you again, all of you, for your continued support and commitment in helping us put out the fire and manage our community and the repercussions of this attack. We are very fortunate that you are still standing by us, despite what has happened. Lets continue to work together to make Aventus a huge success and a much needed change in the traditional ticketing industry.

We have plenty of announcements coming today, tomorrow, and before the token sale commences on the 6th September; we cannot wait for you guys to see what’s in store.

Sincerely,

Annika Monari and Alan Vey

Directors and Founders of Aventus