ICO platforms are becoming a privileged target for hackers, the last victim in order of time is KickICO, a Blockchain crowdfunding website for ICO.
On Friday, KickICO disclosed a security breach, according to the platform attackers accessed to its wallets and stole over 70 million KICK tokens (roughly $7.7 million at the time).
The incident occurred on July 26, at 09:04 UTC, KickICO CEO Anti Danilevski explained that its staff learned of the security breach from victims who complained to it.
“On July 26 at 9:04 (UTC) KICKICO has experienced a security breach, which resulted in the attackers gaining access to the account of the KICK smart contract — tokens of the KICKICO platform. The team learned about this incident after the complaints of several victims, who did not find tokens worth 800 thousand dollars in their wallets.” reads the data breach notification published by the company.
As of Friday, the company announced the situation was under control and the smart contract has been restored. KickICO announced it will return all stolen KICK tokens to their legitimate owners, for this reason, it invited them to connect via email [email protected]
“KICKICO guarantees to return all tokens to KickCoin holders. We apologize for the inconveniences,” Danilevski said.
The company quickly started an investigation on the security breach, the internal staff discovered that the attackers managed to gain access to the private key of the KickICO platform used by the developers to manage the KICK token smart contract.
Once obtained the key, the attackers used it to destroy KICK tokens at approximately 40 addresses and created the same amount of tokens at other 40 wallets he was controlling. Using this trick the overall number of tokens hasn’t changed and security measures in place were not able to detect the fraudulent activity.
“The hackers gained access to the private key of the owner of the KickCoin smart contract. In order to hide the results of their activities, they employed methods used by the KickCoin smart contract in integration with the Bancor network: hackers destroyed tokens at approximately 40 addresses and created tokens at the other 40 addresses in the corresponding amount. In result, the total number of tokens in the network has not changed. ” continues the notification.
Fortunately, the community quickly discovered the security breach and helped the platform to mitigate it. KICKICO quickly responded and prevented further losses by replacing the compromised private key with another one associated with the cold storage.
Read more: https://cryptovest.com/news/kickico-suffered-77m-hack-attack-says-will-return-stolen-kicko-tokens/
“After the incident, the KICK token, listed on the 136th position on Coinmarketcap, has lost 1.87% in the last 24 hours. However, the move may be influenced by the bearish mood of the entire crypto market after the SEC rejected a Bitcoin ETF proposed by the Winklevoss twins.” reported the website cryptovest.com.
The post KICKICO security breach – hackers stole over $7.7 million worth of KICK tokens appeared first on Security Affairs.