SmartBillions bet $450,000 that they can’t be hacked, and they got hacked

They pulled out what’s left of the prize money after someone successfully hacked their smart contract and started siphoning the funds.

Distributed server processing system Ethereum-based “not company” SmartBillions challenged hackers to hack their supposedly unhackable smart contract for the price of 1500ETH, and it backfired.

In what now looks nothing more than a hilarious mistake, SmartBillions announced their challenge through a press release on the Medium in October 2: “The development team is so confident in their product and its security that they will risk their own funds (1500 ETH), to demonstrate its safety.”

The dare, which intended to hype up an upcoming ICO by showing off their code’s “solid” security to potential investors, was also published on their website: “In order to validate the contract safety we put 1500ETH in SmartBillions smart contract 7 days before the ICO starts. Everyone’s invited to hack SmartBillions and withdraw the funds. Break the smart contract and get rich!”

While hackathons like this are usually launched by companies, they usually just put up a reasonably appealing prize money instead of “risking their own funds.”

A few days later, SmartBillions realized this was a mistake, but it cost them over a quarter of their funds. The successful hackers got away with a total of 400ETH (over $120,000), managing to pilfer 200ETH each before SmartBillions pulled out the rest of the prize money. While this is already a huge sum of money, people think it’s not enough: instead of backing out of their own challenge, SmartBillions should have honoured their word.

Instead, apart from the 400ETH, SmartBillions extended a congratulatory message to the hackers: “We would like to extend our congratulations to the person who first managed to withdraw funds from the smart contract of the official SmartBillions hackathon and express our satisfaction with the outcome. Two separate individuals proved capable of taking out 400 ETH ($120 000), which leads to an opportunity to implement further final smart contract security solutions in order to guarantee comprehensive Investor and lottery protection.”

They went on to clarify that this is actually a positive thing, as it gives their team time to improve things before the actual ICO.

“We witnessed the best possible scenario as the breach was revealed during the hackathon process, rather than during the ICO. We strongly believe in this community audit mechanism and, as a result, we’re launching the next hackathon today, following a revision of the smart contract conditions.”

The ICO launch, which happens on October 16, will ultimately conclude whether investors are still willing to bet their money on SmartBillions after this disastrous (and very expensive) PR failure.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.