Business 9 October 2017Cecille de Jesus
SmartBillions bet $450,000 that they can’t be hacked, and they got hacked
They pulled out what’s left of the prize money after someone successfully hacked their smart contract and started siphoning the funds.
Distributed server processing system Ethereum-based “not company” SmartBillions challenged hackers to hack their supposedly unhackable smart contract for the price of 1500ETH, and it backfired.
In what now looks nothing more than a hilarious mistake, SmartBillions announced their challenge through a press release on the Medium in October 2: “The development team is so confident in their product and its security that they will risk their own funds (1500 ETH), to demonstrate its safety.”
The dare, which intended to hype up an upcoming ICO by showing off their code’s “solid” security to potential investors, was also published on their website: “In order to validate the contract safety we put 1500ETH in SmartBillions smart contract 7 days before the ICO starts. Everyone’s invited to hack SmartBillions and withdraw the funds. Break the smart contract and get rich!”
While hackathons like this are usually launched by companies, they usually just put up a reasonably appealing prize money instead of “risking their own funds.”
A few days later, SmartBillions realized this was a mistake, but it cost them over a quarter of their funds. The successful hackers got away with a total of 400ETH (over $120,000), managing to pilfer 200ETH each before SmartBillions pulled out the rest of the prize money. While this is already a huge sum of money, people think it’s not enough: instead of backing out of their own challenge, SmartBillions should have honoured their word.
Instead, apart from the 400ETH, SmartBillions extended a congratulatory message to the hackers: “We would like to extend our congratulations to the person who first managed to withdraw funds from the smart contract of the official SmartBillions hackathon and express our satisfaction with the outcome. Two separate individuals proved capable of taking out 400 ETH ($120 000), which leads to an opportunity to implement further final smart contract security solutions in order to guarantee comprehensive Investor and lottery protection.”
They went on to clarify that this is actually a positive thing, as it gives their team time to improve things before the actual ICO.
“We witnessed the best possible scenario as the breach was revealed during the hackathon process, rather than during the ICO. We strongly believe in this community audit mechanism and, as a result, we’re launching the next hackathon today, following a revision of the smart contract conditions.”
The ICO launch, which happens on October 16, will ultimately conclude whether investors are still willing to bet their money on SmartBillions after this disastrous (and very expensive) PR failure.
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
Business 6 hours ago
The Bitcoin Vision: Episode 14
Founding President of the Bitcoin Association Jimmy Nguyen is back this week for another update on technical developments in the Bitcoin SV ecosystem.
Business 6 hours ago
Dutchman arrested for alleged crypto mining fraud of $2.2 million
Dutch authorities arrested a 33-year-old businessperson for allegedly defrauding investors, taking their money to buy himself luxury goods.
Business 7 hours ago
Laos central bank warns against crypto use
Laos wants to remind its citizens that it really doesn’t like cryptocurrencies, and they’re illegal too.