On Friday, ICO platform KickICO acknowledged a security breach during which an unknown attacker (or attackers) stole over 70 million KICK tokens ($7.7 million at the time of the hack) from the platform's wallets.
According to KickICO CEO Anti Danilevski, the hack took place on Thursday, July 26, at 09:04 UTC.
Danilevski says his team learned of the hack from victims who complained to the company. One victim reported that about $800,000 worth of KICK tokens suddenly went missing from his wallet.
The exec says his team immediately started investigating the hack in light of the report. The investigation revealed that the intruder managed to gain access to the private key of the KickICO platform that the developers were using to manage the KICK token (also known as KickCoin) smart contract.
The hacker used this key to alter the smart contract's behavior. This smart contract is how KICK tokens are traded on top of the Ethereum platform.
Danilevski says the hacker destroyed KICK tokens at approximately 40 addresses and created the same amount of tokens at other 40 wallets, which were under his control.
This trick didn't change the number of KICK tokens issued on the network, and hence evaded the platform's security measures put in place to analyze sudden shifts in total cryptocurrency funds available on the market.
"Thanks to the rapid response of our community and our coordinated team work [sic], we were able to regain control over the tokens and prevent further possible losses by replacing the compromised private key with the private key of the cold storage," Danilevski said.
KickICO devs say they've regained access over the KICK smart contract and are urging users who lost funds in the hack to reach out via email at email@example.com.
"KICKICO guarantees to return all tokens to KickCoin holders. We apologize for the inconveniences," Danilevski said.