As many of you know, we experienced quite the rush of traffic during our whitelist process. So much so that we took down servers of the entire system of a 3rd party KYC provider. Opening our whitelist simultaneously to 100k+ active app users, 50k+ Telegram Group members, and hundreds of thousands of others across various marketing channels created quite the stir.

I want to address our community and be transparent about a couple issues we had, and how we went about solving them. It’s also important to note your data is safe and protected as we did not experience any hacks or data breaches during this process. Everyone’s information is encrypted and secure.

During our whitelist process we had two primary issues

  1. Our Telegram group was flooded
  2. A 3rd-party KYC verification provider went down, causing multiple failures when uploading information and files during applications

Issue 1

Telegram: With one of the largest and fastest growing Telegram groups we expected a large rush. In preparation we built a bot, which would instantly delete all messages in our group, other than selected admins. We did this to create a “read only” group. Scammers prey on confused chaos in these situations by sending direct messages to people who seem confused or are asking questions. We wanted to avoid this at all costs.

Our bot worked well the first two minutes but we reached a point of thousands of concurrent messages in the group and the bot was not able to cope. Our Telegram group become unreadable in most cases, regardless of connection speed, as tens of thousands of messages came pouring in. To some extent this worked in our favor, making it much harder for scammers to spread false information.

How did we solve this? We optimized the bot, but it took an hour and a half to do so during the process. When upgraded, the group become read-only and we sent out official updated messages regularly.

How do we solve this for the public sale? The bot is now optimized to scale and we have a few other strategies in place.

In addition, there will be only one source to find the ETH address to send funds to during our public sale, and it will be on our primary website. As long as you confirm you are on dock.io (please, triple-check everything!), you will be safe.

Issue 2

KYC Provider: We went through many technical vettings and were confident in this provider as they run a fairly large and successful business. Two minutes into opening the whitelist we began receiving errors from the provider, and only partial data was being successfully processed. Shortly after we received an email notifying us they had disabled our account as their entire system was on the verge of collapse. This made it impossible for people to upload ID documents and the system returned constant errors. Roughly 10,000 people were affected.

How did we respond? We immediately disabled data processing by the third party service and rerouted all submissions to our secure data storage. We’re processing all submissions in offline mode.

Side note: All information uploaded is encrypted for maximum security and our company is fully compliant with GDPR, data privacy and ownership. Our mission with dock.io is to empower users to own and control their information. After we complete KYC there will only be one copy of this data which will be stored with our KYC provider in case we need to access it for legal compliance or auditing. All personal data from our servers will be permanently erased.

Further response:

  • We identified and emailed the 10,000 individuals who experienced issues and created a process for each to complete their whitelist submission, providing everyone up to 24 hours to complete the process.
  • We originally communicated the first 25,000 people would be accepted to the whitelist. Because we had issues and want to make sure everyone has a fair chance to participate, we are extending this number and will likely end up including 35,000+, including everyone who provided accurate and complete details during the process.
  • We set up a dedicated channel for people to contact us regarding whitelist questions — wl@dock.io
  • We created an official URL to check KYC status — https://whitelist.dock.io
  • Our KYC provider is working with us to process all data and return results in a secure and prompt manner.

It’s worth mentioning the KYC provider we had issues with owned up to the mistake and has their top executives working directly with us to ensure things run smooth from here. Kudos to them for stepping up and owning the mistake.

Challenges of Running a Public Token Sale

The truth is it’s challenging to execute a public sale, which is why you see more and more successful projects opt to cancel public sales and do all private fundraising.

Projects that decide to take on the task of a public sale inherit multiple additional degrees of risk and complexities. Executing a fundraise via private presale is significantly easier for successful projects. We could have concluded our fundraise weeks ago had we chose to go completely private.

The additional costs of executing a public sale go well into six figures, take weeks to plan, and most importantly imply a huge responsibility to do everything in our power to protect our community from hackers and ensure a safe environment to the strongest possible extent.

It’s very important to us to include our community in this process and we’re willing to accept the risks and responsibilities that come with a public sale. We’re grateful to everyone who’s been involved and engaged in the community. The additional workload and risks were something we were willing to take on in order to create an inclusive process that rewards our community members. We appreciate each and every one of you and look forward to concluding the token sale on Feb 21st so we can move forward with growing an empowering network together.

As a reminder — The only authoritative channel of information is our website: https://dock.io. Information about whitelist status can we found on: https://whitelist.dock.io. Do not trust anyone who contacts you asking to send funds anywhere. We will never ask you to send funds to an Ethereum address.