On July 26 at 9:04 (UTC) KICKICO, a platform for ICO, crowdinvesting and crowdfunding, has experienced a security breach, which resulted in the attackers gaining access to the account of the KICK smart contract — tokens of the KICKICO platform.
The KICKICO team learned about this incident after the complaints of several victims, who did not find tokens worth $800 000 in their wallets.
During the investigation, it was found that the total amount of stolen funds is 70 million KICK, which at the current exchange rate is equivalent to $7,7 million.
On July 27, the KICKICO team wrote in Medium blog post that the control over the smart contract was fully restored.
The hackers gained access to the private key of the owner of the KickCoin smart contract. In order to hide the results of their activities, they employed methods used by the KickCoin smart contract in integration with the Bancor network: hackers destroyed tokens at approximately 40 addresses and created tokens at the other 40 addresses in the corresponding amount. In result, the total number of tokens in the network has not changed. The KICKICO team regained control over the tokens and prevented further possible losses by replacing the compromised private key with the private key of the cold storage.
“KICKICO guarantees to return all tokens to KickCoin holders. We apologize for the inconveniences, but claim that the situation is under control”, – wrote the team.