KICKICO, an ICO on the Ethereum blockchain protocol, was hacked on July 27, and about 70 million KICK tokens worth US $7.7 million were lost.
This security breach is unique, different from all blockchain network and token hacking attempts. This time, the hackers were able to breach the smart contracts of the KICKICO blockchain by obtaining the private key of the KickCoin smart contract. In the time that the attackers had access to the KickCoin smart contracts, they destroyed 40 address and created 40 new accounts with identical balances, essentially stealing user funds from 40 accounts. As the KICKICO blockchain accounts weren’t permanently deleted, rather replicated, the fixed supply of KickCoin remained intact after the breach.
The team learned about this problem after they received complaints from victims who did not receive tokens worth 800,000 dollars in their wallets. The KICKICO released a notice conveying the occurrence of the hack. A few hours after the breach, the team was able to regain access to the smart contract and replace the compromised private key with the private key in its cold wallet, to protect the private network and the remaining investor funds.
On July 10, a similar incident had occurred with Bancor, which became the largest ICO of all time after raising about $150 million. It was hacked and lost around $13.5 million of its own funds to a group of hackers. The reason given for the same was that a wallet which was used to upgrade the smart contract was hindered. This wallet was then used to withdraw ETH in the BNT smart contract in the amount of $12.5 million.
KICKICO emphasised that they would reimburse the lost KickCoin to each of those 40 accounts, recreating 40 wallets that were compromised. The developers theorised that an increasing number of hackers had targeted the ICO, as its price nearly tripled from $0.04 to $0.12 in the past two weeks.
Nonetheless, such a claim does not suffice the occurrence of this security breach or hacking attack, given that every other digital asset, token, ICO tokens, and blockchain projects are a target of several hundred sophisticated hackers across the globe. This does ring alarms in the community, with an increasing need of an upgrade of security measures though.