Followed by the Waves decentralized exchange (DEX) hack on Tuesday, KickICO lost $7.7 million in KICK tokens in a hack on Thursday. Initial coin offering support platform is another DEX that gained popularity in April 2018.
CEO, Anti Danilevski wrote in a blog post that the startup’s team discovered some discrepancies in their accounts.
The issue was reported to the team through repeated complaints of several victims, whose tokens worth $800,000 went missing from their wallets suddenly. The team looked into the matter immediately and found 70 million KICK tokens missing from the Kick Platform. This equals $7.7 million as of then.
The findings suggested that the hackers first got into the KickCoin (tokens of the platform) reserve, stole small chunks of the coins from in there. Then after through examination, the startup found out that several user wallets were emptied. The attackers were successful in their attempt by gaining access to the account of the KICK smart contract , by compromising the private key of the owners. The KickCoin smart contract is integrated with the Bancor network. The hack was only possible because of the fragile link that the both firms share in terms of young tech.
A similar attack on the Bancor network was made On July 10, just about three and a half weeks ago. Bancor, is the fourth largest ICO of all time that raised $150 million. It lost $13.5 million of its own funds to a group of hackers. The official statement of Bancor reads:
A wallet used to upgrade some smart contracts was compromised. This compromised wallet was then used to withdraw ETH from the BNT smart contract in the amount of $12.5 million
Although the hackers did not sneak into the wallets of the users, the incident did spark up crypto critics, researchers and experts. Debates on the structure and security of the platform were triggered damaging repute and credibility of the firm.
Similarly, the KickICO hackers made a move to hit not just the monetary stabilization of the startup but also the customer base and following took a hard hit. The hack was external. And yet the startup is committed to returning tokens to all holders defrauded.
Kick has restored all lost tokens according to the blog entry. Users have been notified to report to , firstname.lastname@example.org, for the return of funds to wallets because Kick is hoping to keep its conscience clear as a responsible and active firm in the market. The CEO wrote in the posts:
Thanks to the rapid response of our community and our coordinated team work, we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage.
The CEO spoke out on the matter saying all effort are being made to return the money as safely and fairly as possible. As to why it took so long for the team to figure he said:
The hackers allegedly destroyed tokens on 40 different wallet addresses and generated tokens on 40 different addresses to evade detection from KickICO’s team
The platform, which launched in mid-2017, raised 5,000 ETH in a pre-ICO funding round, and now hopes to raise a further 100,000 ETH during its token sale. To that end, the project has partnered with Bancor, as well as blockchain startups Pacatum, Coinhills and Qoin.
Although the situation is said to be under control and all wallets are safe, again the damage of the breach will show up as changes in the user base after the incident in contrast to before. Security break-ins in the crypto world are not a new phenomenon anyway. Firms have contingency plans, but how sustainable can damage control really be, is a question whose answer is yet to be cracked by the brilliant business minds behind these brilliant (but sometimes prone to default) ideas.