KICKICO, a blockchain-based initial coin offering (ICO) support platform, has fallen victim to a suspected cyber attack and lost more than 70 million KICK tokens (or KickCoins) worth an estimated $7.7 million.
In a statement released on its Medium post on July 26, the company acknowledged the security breach, informing its customers that an unknown attacker managed to gain access to the account of the KICK smart contracts and the tokens of the KICKICO platform on last Thursday at around 9:04 (UTC).
KICKICO admitted that the company had no clue about the security breach until and unless several of its customers fell victim and complained about losing KickCoin tokens worth $800,000 from their wallets overnight.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
However, after investigating, the company found that the total amount of stolen funds was 70,000,000 KickCoin, which, at the current exchange rate, is equivalent to $ 7.7 million.
KICKICO reported that suspected attackers managed to gain direct access to the smart contract of the project's blockchain network by obtaining the private key, which eventually allowed the attacker to steal KickCoins from the users' wallets.
Here's How the Hacker Managed to Steal 7 Million Tokens
After gaining full access to the KickCoin smart contract, the unknown hacker destroyed tokens at approximately 40 different addresses and transferred them to 40 fake addresses controlled by him to leave no trace.
As a result, the stolen funds from the KICKICO blockchain network did not permanently destroy, and the total number of tokens in the network remained the same after the security incident, enabling the thief to fly under the radar.
However, a few hours after the incident, the project was able to fully regain access to its smart contract and replaced the compromised private key with the private key in its cold storage to prevent further possible losses.
KICKICO Promised to Refund All Stolen Tokens to Their Owners
The KICKICO team has also promised to return all tokens to their owners, saying:
"KICKICO guarantees to return all tokens to KickCoin holders. We apologize for the inconveniences, but claim that the situation is under control."So, if you are one of those who lost their tokens in the breach, you can send an email to the KICKICO team to get your refund.
"The project team asks all those whose tokens have been stolen to email firstname.lastname@example.org for the return of funds to wallets."
This incident is the latest in a long list of attacks against the cryptocurrency markets. Barely two weeks ago, decentralized exchange platform Bancor also suffered a $23.5 million loss due to a cyber-attack.