KICKICO ICO Hacked, Suffers Loses of $7.7 Million USD After Smart Contract Flaw
KICKICO was just another Initial Coin Offering (ICO) that was supposed to launch on top of the Ethereum blockchain. However, the project was hacked on July 27th and this made it lose more than 70 million KICK tokens, worth about 7.7 million USD.
Unlike most of the hackings so far, KICKICO’s hack attack was unique because the attackers were able to get a private key of the KickCoin smart contract. This way, they were able to get access to the smart contracts of the company. During this period, the attackers destroyed about 40 addresses and created 40 new accounts with identical balances, basically stealing the funds.
As the stolen funds were not destroyed or replicated, the fixed supply stayed the same after the breach. The company only found out after the clients discovered the breach and had already lost more than $800,000 USD in tokens in some cases.
A few hours after the attack, the company was already able to get the access back and replaced the private key of the smart contracts with the private key used in its cold wallet but a lot of money was already lost at this point.
Fortunately, the company has emphasized during an official announcement that the owners of the 40 hacked accounts will be fully reimbursed with all the money that they lost, but the company will lose a lot of money by doing so.
According to developers, the attack happened after KICKICO had a price surge in the last couple weeks and its price tripled from $0.04 USD (the ICO price) to $0.12 USD. However, the company was not able to completely explain how the attackers were able to successfully breach its security.
Bancor Had a Similar Problem This Month
KICKICO was not the only company that was hacked as Bancor was also hacked less than a month ago. The company had the fourth largest ICO of all time and it was able to raise $150 million USD. However, the attack made it lose $13.5 million USD of its own funds.
According to the official statement of Bancor, a compromised wallet was used to withdraw ETH from the BNT smart contract and the company lost the money. However, no user wallets were affected by the security breach in this case.