Where there is a will, there is a way.
The KICKICO (KICK) platform was hacked and about 7.7 million user tokens were stolen on July 26th.
In this case, the thieves managed to get hold of the private keys of the KickCoin smart contract owner, and used their access to destroy tokens in about 40 different wallets and make the same amount reappear in other locations.
Once alerted to the theft, KICKICO replaced the smart contract's old key with the same private key that is used for cold storage.
The ubiquitous risk of hacking, combined with the lack of formal cybersecurity requirements in crypto, has led to the evolution of a series of best practices. But new projects will be exposed to new risks, and smart contracts in particular open up new potential problems.
Here, the problem could have been avoided at several stages if:
- The thieves could not get the private keys of the smart contract owner. We still do not know how they did it, but phishing can be a remarkably effective way of targeting an individual with malware like a keylogger.
- The thieves could not access the smart contract even with the owner's private keys. This could have been avoided, or at least made much more difficult, with two-factor authentication.
- The contract itself could not perform any function that could be used for theft, in this case the ability to destroy and create tokens. Assuming that the functionality was not deliberate, this could have been avoided through a rigorous audit of the contracts.
"Like the other ICO violations we saw recently, such as Bancor, it could have been avoided if smart contracts were audited," says Yo Kwon, CEO and founder of the Hosho blockchain cybersecurity company. "KICKICO's hacking exploits a weakness that has always existed with their smart contracts and the IFAs must give confidence to those who interact with them in their security practices."
"In addition to discovering security breaches, Hosho Smart Contracts audits indicate whether such a risk exists or not because it is a liability to investors and stock exchanges. Any major source of funds or access to powerful smart contracts should at least use multi-signature verification."
As for the consequences, KICKICO said that the problem is resolved and promised to repay all affected users.
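As an added illustration (not KICKICO's contract and not code from this article), the Python model below applies the multi-signature verification recommended in the quote to the destroy-and-create function from the list above: the operation runs only after a threshold of distinct keys approve that exact operation, so one stolen key is not enough. The class, method, signer and wallet names are hypothetical.

```python
import hashlib

class GuardedToken:
    """Toy ledger: the privileged burn-and-mint needs approvals from k distinct keys."""
    def __init__(self, balances, signers, threshold):
        if not 0 < threshold <= len(set(signers)):
            raise ValueError("threshold must be between 1 and the number of signers")
        self.balances = dict(balances)
        self.signers = frozenset(signers)
        self.threshold = threshold
        self.approvals = {}    # operation id -> set of signers that approved it
        self.executed = set()  # operation ids already applied (blocks replay)

    @staticmethod
    def op_id(src, dst, amount, nonce):
        # Approvals are bound to one exact operation and cannot be reused for another.
        return hashlib.sha256(f"{src}|{dst}|{amount}|{nonce}".encode()).hexdigest()

    def approve(self, signer, op):
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not an authorised signer")
        self.approvals.setdefault(op, set()).add(signer)  # a repeat approval counts once
        return len(self.approvals[op])

    def burn_and_mint(self, src, dst, amount, nonce):
        op = self.op_id(src, dst, amount, nonce)
        if op in self.executed:
            raise PermissionError("operation already executed")
        if len(self.approvals.get(op, ())) < self.threshold:
            raise PermissionError("not enough distinct approvals")
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance in source wallet")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        self.executed.add(op)
        return op

def demo():
    # Constructed sample data: wallet names, signer names and amounts are made up.
    token = GuardedToken({"wallet_1": 100, "wallet_2": 0}, ["key_a", "key_b", "key_c"], 2)
    op = token.op_id("wallet_1", "wallet_2", 100, nonce=1)
    token.approve("key_a", op)
    token.approve("key_a", op)  # the same single key approving twice
    try:
        token.burn_and_mint("wallet_1", "wallet_2", 100, nonce=1)
        return False, token.balances
    except PermissionError:
        return True, token.balances  # blocked: only one distinct approval
```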
Whenever there is more than one step to potentially prevent or reduce the risk of theft, it may be worth taking them all.
Disclosure: At the time of writing this article, the author held ETH, IOTA, ICX, VET, XLM, BTC, ADA.