The hacker stole a $7.7 million digital currency from the KICKICO platform, using a novel approach—destroying existing coins to create the same amount of SGD to a hacker-controlled address. This method escaped KICKICO’s surveillance because it did not change the number of issued KICKICO tokens. The hacker first tried to steal the encryption key of the KICKICO smart contract control.
KICKICO did not know that the key was stolen until the user complained that the digital currency worth about $800,000 in the wallet had disappeared. KICKICO claims that it has withdrawn the stolen token and returned it to the original owner. According to KICKICO, hackers use the key to destroy the digital currency of 40 addresses and create the same amount of new tokens at the other 40 addresses. It does not disclose how hackers steal keys.
According to KICKICO officials:
“The hackers gained access to the private key of the owner of the KickCoin smart contract. In order to hide the results of their activities, they employed methods used by the KickCoin smart contract in integration with the Bancor network: hackers destroyed tokens at approximately 40 addresses and created tokens at the other 40 addresses in the corresponding amount. In result, the total number of tokens in the network has not changed. But thanks to the rapid response of our community and our coordinated team work, we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage.”