Users are able to submit an incident report to the Sentinels by clicking “Report Now” below the UPPward search bar. Alternatively, users can make a report at the following URL “https://portal.sentinelprotocol.io/create/case”.

Upon arriving at the reporting portal website, users are required to fill in the form with necessary information. The fields in the reporting form will be elaborated on below.


Take note that Sentinels and Uppsala employees will never ask for any personal information such as phone numbers, private keys, password or credit card information under any other circumstances. Please do not input any such information in the reporting portal. 

Security Type: How the reported indicator would be labelled as once approved. Indicators under ‘blacklist’ will be reviewed and if approved, will be considered as malicious content. Likewise, indicators under ‘whitelist’ will be considered as legitimate content once reviewed and approved.

Reporting Target: The indicator such as URL, email address and crypto wallet address the users wish to report to the Sentinels for blacklisting or whitelisting. For URLs, it is recommended for users to specify whether it begins with HTTP or HTTPS.


Data Type: This field will be automatically filled once the user has input data inside the Reporting Target field. If the user thinks that it is incorrect, he can change the data type manually. Please take note that Facebook, Youtube, Twitter and Telegram links should fall under the “Social Media" Data Type instead of “URL”.


Data Sub Type: Similarly to the Data Type field, this field will be automatically filled. It can also be changed by users manually.


Tags: Users are recommended to use at least one tag related to the reporting target. If you are unsure about which tag to choose, you may follow the guidelines below:

  • Phishing - The bad actor operated by stealing confidential information such as passwords and private keys by appearing to be from a legitimate source. E.g. fake MyEtherWallet sites.

  • Malware - Software which purposely performs tasks which damages, disrupts or grants unauthorized personnel access to a computer system or steals information. E.g. ransomware, trojans.

  • Scam - The malicious actor operated by deceiving users of their funds by appearing to be legitimate. E.g. Trust-trading scams, Giveaway scams, Admin impersonation scams on Telegram.

  • Hacks - The reporting target is involved in a large scale hack, such as the Cryptopia hack and the DragonEx hack.

  • Exploits - The malicious actor operates by exploiting a bug or vulnerability in a system.


Details: Users are highly recommended to describe the incident in as much detail as possible. For example:

  • Describe how you could have lost your crypto assets.

  • Describe how you believe may have found a potential suspicious website or wallet address.

  • Did you accidentally arrive at a suspicious website?

  • Did you receive a suspicious email?

  • Did you download any suspicious files?


Attachments (optional): This field is purely optional. However, users are recommended to provide as much evidence as possible, such as screenshots of the malicious content. 


Contact (optional): An email address belonging to the user who made a user report. While this is optional, it is recommended to provide an email address so that the Sentinels may get in touch with the user if they need to clarify any information submitted by the user. Users’ email addresses would be not used in any other way.