Cyber Incident Victim: KICKICO
Date:
Jul 2018
Location:
South Korea
Summary
Hackers compromised KICKICO's blockchain platform by obtaining the private key to its smart contract, enabling unauthorized access to manipulate token holdings. The attackers destroyed tokens at approximately 40 addresses and created equivalent amounts at other addresses, resulting in the theft of over 70 million KickCoins valued at approximately $8 million. The platform regained control by replacing compromised keys with cold storage solutions and initiated full reimbursement for all affected addresses. The breach was detected following user reports of missing tokens totaling $800,000, prompting immediate containment efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 26, 2018, KICKICO, a platform enabling Initial Coin Offerings (ICOs), crowdfunding, and crowdinvesting campaigns, suffered a security breach resulting in the theft of approximately 70 million KickCoins valued at $7.7 million. Attackers compromised the platform by obtaining the private key controlling KickCoin's smart contract, granting them direct access to manipulate the blockchain. The breach was executed methodically, with hackers destroying tokens at approximately 40 wallet addresses while simultaneously creating new tokens at another 40 addresses in equivalent amounts. This systematic redistribution allowed the attackers to illegitimately acquire the cryptocurrency holdings. KICKICO's security team became aware of the incident after receiving complaints from users who discovered missing tokens totaling $800,000 from their wallets, indicating the attack had already been underway when detected. The timing and precision of the token manipulation suggested extensive reconnaissance and planning by the threat actors prior to execution.
KICKICO's response involved immediate containment measures, including regaining control of the compromised smart contract and replacing the breached private keys with new keys stored in cold storage to prevent further unauthorized access. The company publicly confirmed the security breach through an official blog post, detailing both the attack vector and their remediation steps. As part of recovery efforts, KICKICO initiated full reimbursement to all 40 affected wallet addresses, restoring the stolen assets to legitimate users. The incident highlighted vulnerabilities in smart contract key management within blockchain platforms, particularly for ICO projects that had become frequent targets due to the rising value of cryptocurrencies. This breach occurred amid a broader pattern of cryptocurrency exchange and ICO hacks throughout 2017-2018, including notable incidents affecting CoinDash, Parity Technologies, and Coincheck, collectively resulting in hundreds of millions of dollars in losses across the ecosystem. The operational disruption to KICKICO's platform services during the incident response period constituted an additional business impact beyond the direct financial theft.