KICKICO Security Breach
KickICO is a service that helps blockchain projects raise operating funds. To raise capital for its own operation, KickICO issued KICK tokens through a smart contract. While KickICO is not an exchange, it offers the ability to buy and sell tokens, and many platforms similarly issue their own token.
However, this contract was controlled by a single private key, which appears to have been compromised, allowing an attacker to mint their own KICK tokens. The attacker avoided detection by burning the same number of tokens as they minted, so the total supply was unchanged; this, however, meant that the tokens of legitimate holders were destroyed.
The KickICO team ultimately restored the tokens to their rightful owners. It is unknown whether anyone purchased the illegitimate tokens and suffered a loss, but there are no reports of this.
This is a global/international case not involving a specific country.
About KICKICO
"KICKICO [is] a blockchain-based initial coin offering (ICO) support platform" and "fundraising platform". "KickICO is a crowdfunding platform that supports AIO fundraising, but the auction sale takes place on both the KickICO platform and campaign tokens are automatically approved for listing on the KickEX exchange. As a result, both communities - platforms and exchanges - participate in the auction. This significantly increases the organic demand for traded tokens, as it reaches the audiences of both platforms and both communities. After the successful completion of the campaign and all the necessary checks, the company's tokens become available for trading on the KickEX exchange, receiving an automatic listing there."
"AIO (Auction based Initial Offering) is a type of crypto fundraising based on fair pricing, a know-how developed by the Kick Ecosystem team. Unlike ICO, IEO, IDO and other forms of fundraising, the price of a token, offered here for sale, is not fixed, but is formed by the users themselves during the auction. The greater [the] demand for a token is, the higher its price, and vice versa. Companies have no direct influence on the value of the token, [which] makes pre-sales of the token at a 50-80% discount pointless. Thus, the price of the token is formed by the market itself and by the users participating in the auctions, who take into account the importance and relevance of the products offered by the company. So, the authors do not declare the price of their token, which, after entering the secondary market, can be collapsed by those who received early allocations with huge discounts: this kind of risk is excluded."
"CEO Anti Danilevski wrote in a blog post that, on July 26, 'KICKICO has experienced a security breach, which resulted in the attackers gaining access to the account of the KICK smart contract — tokens of the KICKICO platform.'" KICKICO fell "victim to a suspected cyber attack and lost more than 70 million KICK tokens (or KickCoins) worth an estimated $7.7 million."
"[H]ackers were able to gain direct access to the smart contract of the KICKICO blockchain network by obtaining the private key of the KickCoin smart contract." "Once [they had] obtained the key, the attackers used it to destroy KICK tokens at approximately 40 addresses and created the same amount of tokens at [40 other] wallets [they were] controlling. Using this trick the overall number of tokens hasn't changed and security measures in place were not able to detect the fraudulent activity." "The team learned about this incident after the complaints of several victims, who did not find tokens worth 800 thousand dollars in their wallets." "KICKICO admitted that the company had no clue about the security breach until and unless several of its customers fell victim and complained about losing KickCoin tokens worth $800,000 from their wallets overnight."
"During the investigation, it was found that the total amount of stolen funds is 70,000,000 KICK, which at the current exchange rate is equivalent to $ 7.7 million."
"The hackers gained access to the private key of the owner of the KickCoin smart contract. In order to hide the results of their activities, they employed methods used by the KickCoin smart contract in integration with the Bancor network: hackers destroyed tokens at approximately 40 addresses and created tokens at the other 40 addresses in the corresponding amount. [As a] result, the total number of tokens in the network has not changed," continues the notification.
"The exec says his team immediately started investigating the hack in light of the report." "A few hours after the incident, the KICKICO team was able to regain access to its smart contract and replaced the compromised private key with the private key in its cold wallet, to protect the network and remaining user funds." "As of Friday, the company announced the situation was under control and the smart contract has been restored."
"Thanks to the rapid response of our community and our coordinated team work [sic], we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage," Danilevski said. "KICKICO guarantees to return all tokens to KickCoin holders. We apologize for the inconveniences," Danilevski said. "KickICO announced it will return all stolen KICK tokens to their legitimate owners, for this reason, it invited them to connect via email."
Total Amount Lost
The total amount lost is unknown.
Total Amount Recovered
It is unknown how much was recovered.
Prevention Policies
Ultimately, no funds appear to have been lost in this case.
The incident highlights the importance of placing privileged contract functions (here, minting and burning) behind a multi-signature setup rather than a single key, and of keeping critical keys in offline (cold) storage. With either measure in place, this theft would not have been possible.
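The quoted reports note that because the attacker burned and minted equal amounts, the total supply did not change and the monitoring in place saw nothing. As an added example (not KICKICO's code or anything from the cited reports), the Python below watches the burns and mints themselves in ERC-20 Transfer events, grouped per block window, and flags a balanced burn/mint pattern that a total-supply check cannot see; the event records are constructed and the window size is an assumption.

```python
from collections import defaultdict

ZERO = "0x" + "0" * 40  # ERC-20 mints come from, and burns go to, this address


def supply_neutral_alerts(events, window_blocks=100, tolerance=0):
    """Group Transfer events into block windows and return one alert per
    window in which tokens burned from holder addresses are matched (within
    `tolerance`) by tokens minted to a disjoint set of addresses, i.e. the
    pattern a total-supply check cannot see. Each event is a dict with the
    keys block, from, to and value."""
    windows = defaultdict(lambda: {"burned": 0, "minted": 0,
                                   "burn_from": set(), "mint_to": set()})
    for ev in events:
        w = windows[ev["block"] // window_blocks]
        if ev["to"] == ZERO and ev["from"] != ZERO:      # burn
            w["burned"] += ev["value"]
            w["burn_from"].add(ev["from"])
        elif ev["from"] == ZERO and ev["to"] != ZERO:    # mint
            w["minted"] += ev["value"]
            w["mint_to"].add(ev["to"])
    alerts = []
    for idx, w in sorted(windows.items()):
        if (w["burned"] and w["minted"]
                and abs(w["burned"] - w["minted"]) <= tolerance
                and w["burn_from"].isdisjoint(w["mint_to"])):
            alerts.append({"window": idx, "burned": w["burned"],
                           "minted": w["minted"],
                           "holders_hit": len(w["burn_from"]),
                           "recipients": len(w["mint_to"])})
    return alerts


# Constructed sample (not real chain data): three holders lose 400 tokens in
# total, three previously unseen addresses receive exactly 400 within a few
# blocks, then an ordinary transfer and an unrelated mint occur later.
SAMPLE_EVENTS = [
    {"block": 6010, "from": "0xholderA", "to": ZERO, "value": 100},
    {"block": 6011, "from": "0xholderB", "to": ZERO, "value": 250},
    {"block": 6011, "from": "0xholderC", "to": ZERO, "value": 50},
    {"block": 6012, "from": ZERO, "to": "0xnewAddr1", "value": 150},
    {"block": 6012, "from": ZERO, "to": "0xnewAddr2", "value": 150},
    {"block": 6013, "from": ZERO, "to": "0xnewAddr3", "value": 100},
    {"block": 6014, "from": "0xholderA", "to": "0xholderD", "value": 5},
    {"block": 6250, "from": ZERO, "to": "0xtreasury", "value": 500},
]

if __name__ == "__main__":
    for alert in supply_neutral_alerts(SAMPLE_EVENTS):
        print(alert)  # one alert for window 60: 400 burned, 400 minted
```

The later, unmatched mint of 500 raises no alert, so ordinary issuance is not flagged; only a burn set balanced by mints to different addresses within the same window is.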
References
SlowMist Hacked - SlowMist Zone (Jun 25)
KICKICO Hacked: Cybercriminal Steals $7.7 Million from ICO Platform (Aug 8)
KICKICO security breach - hackers stole over $7.7 million worth of KICK tokens - Security Affairs (Aug 8)
Another ICO Hacked: KICKICO Loses $8 Million After Smart Contract Breach (Aug 8)
KICKICO Announces It Lost Over $7M In Hack - PYMNTS.com (Aug 8)
Kickico Security Breach Issue Under Control All Kickcoins Will Be Returned (Aug 8)
KickICO Platform Loses $7.7 Million in Recent Hack (Aug 8)
KickICO (Aug 8)