1) The copy is not great, and is not of the standard you would expect from a supposedly American company: "In accordance with its disclosure policy, Treadwell Stanton DuPont won't be saying exactly how they did it — because once the proof-of-concept is out, anyone with enough computing power will be able to produce a SHA-256 collision, rendering the algorithm both insecure and obsolete."
2) The phone number listed is 917, which usually (not always) is for mobile phones in NYC. (Which finance firm can't afford a nice 212/800 central number from Verizon?)
host -t mx treadwell-stanton.com
treadwell-stanton.com mail is handled by 10 mailstore1.europe.secureserver.net.
treadwell-stanton.com mail is handled by 0 smtp.europe.secureserver.net.
FINRA, SEC, etc would probably not be pleased with Godaddy email.
This is not a quick fake site. Too much went into it. Also, their social media profiles go back to Oct. 2017. If it's a fake company (and that seems likely), they are playing the long con.
0) they provide no evidence whatsoever (e.g. they could just provide a SHA256 collision and be credible) and have not contacted or involved anyone in the security and/or cryptography fields, just went straight for the marketing copy.
And if you Google for "Treadwell Stanton" the results are almost all about this announcement and fizzle out after three or four pages with nothing dating back further than a few months. Their Twitter page is mostly noise too.
By some unknown blockchain miners with no proof that want to sell you one of 25 units instead of operating them using something something quantum? No, it wasn't. Come on.
It's not just that, they're claiming computationally feasible preimage attack, something which AFAIK has not been feasibly achieved in SHA1 (SHAttered is a collision attack).
Unlikely, but regardless if they have a preimage attack they could simply release a collision.
That is a much lower standard than a preimage (and trivial if you do have the computational ability to preimage), and was sufficient to declare SHA1 broken (SHAttered is a public collision, AFAIK there still is no preimage against a "full strength" SHA1).
1) The copy is not great, and is not of the standard you would expect from a supposedly American company: "In accordance with its disclosure policy, Treadwell Stanton DuPont won't be saying exactly how they did it — because once the proof-of-concept is out, anyone with enough computing power will be able to produce a SHA-256 collision, rendering the algorithm both insecure and obsolete."
2) The phone number listed is 917, which usually (not always) is for mobile phones in NYC. (Which finance firm can't afford a nice 212/800 central number from Verizon?)
3) Their About Us page doesn't actually list any real names of executives and directors: https://www.treadwell-stanton.com/about-us
4) Their email is hosted by Godaddy:
host -t mx treadwell-stanton.com treadwell-stanton.com mail is handled by 10 mailstore1.europe.secureserver.net. treadwell-stanton.com mail is handled by 0 smtp.europe.secureserver.net.
FINRA, SEC, etc would probably not be pleased with Godaddy email.