A relatively new coin that is meant to integrate with many ICOs already on the Ethereum network just had a catastrophic breach involving its smart contract. According to the team behind the project, named KickCoin or KICKICO, over 70,000,000 KICK were stolen from 40 wallets, amounting to roughly $7.7 million.
“On July 26 at 9:04 (UTC) KICKICO has experienced a security breach, which resulted in the attackers gaining access to the account of the KICK smart contract—tokens of the KICKICO platform. The team learned about this incident after the complaints of several victims, who did not find tokens worth 800 thousand dollars in their wallets,” the team said in a statement published on Medium.
After investigating what may have caused this breach, the KickCoin team found that the hackers somehow “gained access” to the private key of the smart contract’s owner. This allowed them to fiddle with the way KickCoin integrated with Bancor and burn all of the tokens off of 40 wallet addresses then mint them into another 40.
They did this in such a fashion that they did not affect the supply of KickCoin in the network, but have placed 70 million tokens under their control.
The hackers’ bask in glory didn’t last long, however, as the team and community managed to restore control to the smart contract. Regardless, they were able to run away with what amounts to more than 10% of the entire KICK supply.
“Thanks to the rapid response of our community and our coordinated team work [sic], we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage,” the team wrote.
This is the second time that the decentralized Bancor exchange was used in a breach. The first time, Bancor itself was compromised, resulting in the loss of over $23 million in tokens.
The KickCoin team promises to reimburse the individuals who suffered losses as a result of this breach once they email [email protected].