KICKICO, an initial coin offering (ICO) project launched on top of the Ethereum blockchain protocol, was hacked on July 27, losing more than 70 million KICK worth $7.7 million.
Smart Contract Breach
Dissimilar to most cryptocurrency, blockchain network, and token hacking attempts, the security breach of KICKICO was unique in that the hackers were able to gain direct access to the smart contract of the KICKICO blockchain network by obtaining the private key of the KickCoin smart contract.
During the period in which the hackers had complete access to the KickCoin smart contract, attackers destroyed 40 addresses and created 40 new accounts with identical balances, essentially stealing user funds from 40 different accounts. Since the stolen funds from the KICKICO blockchain network were not permanently destroyed but replicated, the fixed supply of KICKICO remained the same subsequent to the breach.
“KICKICO has experienced a security breach, which resulted in the attackers gaining access to the account of the KICK smart contract — tokens of the KICKICO platform. The team learned about this incident after the complaints of several victims, who did not find tokens worth 800 thousand dollars in their wallets,” KICKICO said in a notice.
A few hours after the incident, the KICKICO team was able to regain access to its smart contract and replaced the compromised private key with the private key in its cold wallet, to protect the network and remaining user funds.
“But thanks to the rapid response of our community and our coordinated team work, we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage,” the KICKICO team added.
The KICKICO team emphasized in its official announcement that to the owners of the 40 accounts, the company will fully reimburse every user with KickCoin, recreating 40 wallets that were compromised.
Developers at KICKICO theorized that an increased number of hackers targeted the KICKICO network after KickCoin experienced exponential growth in the past two weeks, as its price tripled from $0.04 (ICO price) to $0.12.
However, such a claim is not sufficient to justify a security breach or a successful hacking attack, given that every other major digital assets, ICO tokens, and blockchains project are targets of hundrds of thousands of sophisticated hackers worldwide.
Similar Problem With Bancor
On July 10, just about three and a half weeks ago, Bancor, the fourth largest ICO of all time that raised $150 million, was hacked, losing $13.5 million of its own funds to a group of hackers.
“A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of $12.5 million,” the official statement of Bancor read.
Fortunately, in the case of Bancor, no user wallets and funds were compromised or stolen, but the situation triggered cryptocurrency researchers and experts to criticize the structure of the Bancor network.
Featured image from Shutterstock.