KICKICO Another Smart Contract Hacking Scandal

Hackers were able to gain access to KICKICO’s smart contracts, stealing around $7.7 million. We look at how this could happen and what it means for the wider blockchain community.

By Jen van Lier
Published Aug 2nd, 2018
KICKICO Another Smart Contract Hacking Scandal

kickico hack

KICKICO had a security breach that was discovered on July 27, 2018. Hackers were able to gain access to KICKICO’s smart contracts. They managed to steal around $7.7 million. It was later announced that all the stolen money would be returned to the owners of the wallets tampered with. This was yet another Bancor-related hack. The hackers managed to gain access by using methods employed by KICKICO smart contracts integrated with the Bancor network.

What went down at KICKICO

By gaining access to KICKICO’s smart contracts, the hackers were able to obliterate tokens in 40 user accounts and recreated replica accounts furnishing them with the corresponding tokens. The funds from the blockchain network were not permanently destroyed but rather transferred or replicated to other exact accounts the supply of KICKcoin remained the same. This transgression came to light when various KICKcoin wallet owners started to complain that they had not received the expected $800 000 in their wallets.

Will the funds be returned and why did it happen?

Members of the KICK community were assured that all tokens would be reimbursed in full. They have since replaced the private key in its cold wallet, and remaining accounts are secured. The KICKICO team posted the following statement:

“thanks to the rapid response of our community and our coordinated teamwork, we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage.”

Kickcoins have recently experienced rapid price gains, and the team is speculating that this was perhaps the reason for the hack. Kickcoin tripled in price in the last 2 or so weeks. While this could have been a contributing factor, however, this still does not justify the fact that hackers were successfully able to access the smart contracts.

Bancor and KICKICO

Earlier this month Bancor was hacked to the tune of $15.5 million.  Luckily in this incident user wallets and funds were unaffected. However, it did cause cryptocurrency community member to cast shade on the structure of the Bancor Network.

In August of 2017 KICKICO announced that it had formed a Strategic Partnership with Bancor and that it would be offering Bancor ‘Smart Token’ solution to all projects raising funds on the platform.  This would bring hundreds of tokens to the Bancor Network. The strong relationship between the two will surely once again cause the community to question the quality of security that Bancor systems offer.

Conclusion

While KICKICO was fast to respond and to secure the funds for their community members, there is a deep concern amongst the broader blockchain community that these particular hackers were successful in their attempt to find a way to meddle with the smart contracts and steal coins.

As hackers become more sophisticated in their processes of gaining illegal access to wallets, how are ICOs going to tweak their security systems to prevent this?  It is at the end of the day the individual’s responsibility, however, to keep a close track of their personal wallets and finances.