As technology grows more sophisticated and seeps into our everyday lives, so do cyber-crimes and data breaches. To tackle cyber-attacks, more and more IT companies are not only taking their IT security seriously but also looking for ways to find and resolve vulnerabilities in their code by running hackathons. Hackathons are events where anyone who is interested in computer programming, or feels they have the skill set to hack into a piece of code, is invited to participate. Hackers who manage to find faults are generously rewarded financially, while the companies that initiated the hackathons get to improve the security and safety of their code or projects. One such example is the recent incident with SmartBillions.
The SmartBillions case
SmartBillions, a decentralized lottery system managed by Ethereum smart contracts, recently challenged hackers to break into its system in order to show investors how secure their funds are. The SmartBillions development team was confident in the platform's security, having put a lot of resources and effort into ensuring that the best security features were in place for potential investors. To make the hackathon attractive to competent hackers, they put up a prize fund of 1,500 Ether, worth approximately $500,000. The hackathon's terms stated that any hacker who managed to breach the lottery's security system would be able to withdraw some Ethereum from the hacked wallet. Within days the challenge seemingly backfired, as one hacker managed to hack into the system and withdrew 400 Ether from the wallets.
According to the Reddit thread, the hacker compromised the security of the smart contract by getting into the SmartBillions system and forcing it to make him the winner of a large amount. The hacker quickly caught the flaw in the lottery functions and managed to win 200 Ether twice ($120,000) before the remaining funds were immediately removed by the SmartBillions team.
Instead of showing distress, SmartBillions reacted to the hacking episode as gracefully as it could, congratulating the hacker for winning 400 Ether and releasing the following statement:
“We witnessed the best possible scenario as the breach was revealed during the hackathon process, rather than during the ICO. We strongly believe in this community audit mechanism and, as a result, we’re launching the next hackathon, following a revision of the smart contract conditions.”
Is the ICO safe enough?
Even though the company quickly announced that it would launch another hackathon, several people believed that the SmartBillions team didn't play fair with the hacker or hackers who managed to withdraw some of the funds. This is because the reward money was 1,500 Ether, not whatever they could get before the funds were pulled back. According to an anonymous associate of the project, a back door was used to instantly pull back the funds once the SmartBillions team became aware of the successful hacking attempts. There is now speculation over whether the upcoming ICO on 16th October will be safe enough for investment, as the very same hacking incident could repeat itself. The SmartBillions team now needs to thoroughly review its code and keep its safety procedures up to date to ensure that no more successful hacking attempts occur in the future.