KickCoin attack: KickCoin suffered $7.7M loss, says full refunds for all
Cryptocurrency is the New York of the digital world. It’s always under attack and is the most attack entity of the digital world. Another attack happened on Kickcoin owned KickICO, which is an initial coin offering support platform. The attack worth $7.7 million and announced in an official blog post a full refund to its buyers.
CEO, Anti Danilevski reported that his team discovered that 70 odd million Kick tokens were missing from their wallet. This happened because the KickCoin smart contract owner’s private keys were compromised. Not only this, many user wallets were attacked too and their funds were stolen along with the owner’s wallet.
Danilevski first sensed the theft when many users started complaining that they cannot see tokens worth $800,000 in total in their respective wallets.
“The hackers gained access to the private key of the owner of the KickCoin smart contract. In order to hide the results of their activities, they employed methods used by the KickCoin smart contract in integration with the Bancor network: hackers destroyed tokens at approximately 40 addresses and created tokens at the other 40 addresses in the corresponding amount. In result, the total number of tokens in the network has not changed. But thanks to the rapid response of our community and our coordinated teamwork, we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage.” said Danilevski.
Furthermore, a spokesperson from Bancor said “A spokesperson from Bancor told CoinDesk that the specific function which allowed the smart contract's private key to be compromised was built by KickICO, "and was not a prerequisite nor part of its integration of Bancor. "Whether you put this capability into your token or not is totally independent of an integration with Bancor. And if you decide to build this capability into your token, you must protect it."
Here’s a screenshot of the official blog post shared.
The company takes the full responsibility for the loss and has announced full refunds of the lost money. Furthermore, the company has also confirmed that all the user’s wallets are safe and will remain safe from similar attacks.
They seem to have figured out the real reason behind this attack and they’re sure they’ll prevent this from happening again.
However, it is the user’s duty to ensure utmost security of their own funds as the platform they’re relying on is a centralized system (which is a bit of irony) and hence has a single point of attack(s).
That is, it can fail just like other traditional systems fail. Look out for the supported wallets and ask for hardware wallet support from the company. Hardware wallets are the best way you can safeguard your funds.