KICKICO reported that it lost $7.7 million of KICK tokens in a hack last week.
CEO Anti Danilevski wrote in a blog post that, on July 26, “KICKICO has experienced a security breach, which resulted in the attackers gaining access to the account of the KICK smart contract — tokens of the KICKICO platform. The team learned about this incident after the complaints of several victims, who did not find tokens worth $800,000 in their wallets.”
During the investigation, the company found that the total amount of stolen funds was 70,000,000 KICK, which, at the current exchange rate, is equivalent to $ 7.7 million. Danilevski explained that hackers gained access to the private key of the KickCoin owner’s smart contract, employing methods used by the KickCoin smart contract, in integration with the Bancor network, to hide their activity.
A spokesperson from Bancor told CoinDesk that the specific function, which allowed the smart contract’s private key to be compromised, was built by KICKICO, “and was not a prerequisite nor part of its integration of Bancor.”
“Whether you put this capability into your token or not is totally independent from an integration with Bancor. And if you decide to build this capability into your token, you must protect it,” the spokesperson said.
“Hackers destroyed tokens at approximately 40 addresses and created tokens at the other 40 addresses in the corresponding amount,” wrote Danilevski. “In result, the total number of tokens in the network has not changed. But thanks to the rapid response of our community and our coordinated teamwork, we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage.”
He added that, at the moment, the problem has been eliminated and the wallets of KickCoin holders are safe. The company also pledged to return all tokens to its holders.