As you all have likely heard, regarding the recent KAPEX action, the news is as feared, unfortunately KAPEX has been compromised.
We urge the community to not buy KAPEX going forwards.
After investigating what happened, we can confirm that KODA or any other part of the ecosystem including SummitSwap has not been compromised.
In this blog post I will be explaining the difference between KAPEX and KODA and why this was possible.
But firstly to confirm the details, unfortunately KAPEX’s liquidity was drained by the hacker, this happened yesterday at approximately 16:00-16:30 (BST) (GMT +1) (17th October 2022).
Initially from PancakeSwap, then KODA/KAPEX liquidity on SummitSwap was also removed, and sold immediately, resulting in two ~65m (65,579,646) KODA sales.
Compromised wallet (KAPEX deployer): https://bscscan.com/address/0xf61fe76ea42f92c61bb293b23fa5fbf56f613cc9
New Wallet that holds stolen funds:
(At the time of writing they remain sat in this newly created wallet)
- Remove SummitSwap KAPEX/KODA LP TX:
https://bscscan.com/tx/0xf961f5fc6b125cc7056fe6a83387ef03fcb20dc1a5ff06ca0f8f89d69f8ee835 (This KODA was then sold see 2 transactions below)
- Remove PancakeSwap LP TX:
https://bscscan.com/tx/0x4bfa128c8fba26d732e59c1d087ac491ed260b978b58f4eb269336837978bb4b (Hacker Gained 29.42 BNB currently $8,081.52)
- Sell TX1: https://bscscan.com/tx/0x8572b7caa2f08feb3dc3ccfaede66128012a92a12aed32e7b93c8e7e0c577ca2 (Hacker Gained 10.6 BNB currently $2,911.81)
- Sell TX2:
https://bscscan.com/tx/0xa3b7424cfda2bde9f23df3c26f4c69d0281e5829305f2c0fed48831ac644c5a1 (Hacker Gained 10.08 BNB currently $2,768.87)
- The hacker then carried out multiple smaller transactions to sell KAPEX.
Such as- https://bscscan.com/tx/0x54233b34ebf4f3870ca2db50e77b0d36b8a0bbd155b76e2016ce9f2b372d0d6c
Total result was a loss of ~78.84 BNB which is approximately $21,561.84
It is clear that the hacker is very advanced and knew exactly what they were doing, there was unfortunately no opportunity to stop them.
Some background, I consider myself very careful and knowledgeable in the crypto space, which is why this came as such a shock.
The KAPEX deployer wallet that has been compromised was on a totally different set up to KODA’s and not linked to anything else other than KAPEX. I have not activated the wallet in some time, like any it is held securely and I have never shared the private key or other information. Our advice to the community is to never under any circumstances share this, so why would I break my own rule? Well in short, I didn’t.
After the shock settled, I spent the first couple of hours doubting myself, doubting everyone around me, wondering if this was a personal attack, wondering how this was even possible.
And as my brain kicked into gear I remembered that KAPEX was set up with a vanity address, this means the wallet was created using a separate system to normal. Not through metamask or the normal wallet providers. This allowed us to effectively choose the contract address to some level.
To highlight what was done at the time, look at the KAPEX address, and you can see that 1144 and c0da are at the beginning and end respectively.
KAPEX Contract: 0x11441afb1d10e3ce4e39666fc4f4a2a5d6d8c0da
This is known as a vanity address, and since I investigated this, it is evident that there is a known vanity address exploit. You can google “vanity address exploit” to find out more information or take a look at the references below which have some insight.
Note: KODA was NOT created using a vanity address, and therefore cannot be exploited in the same way.
Whilst this does not make up for what has happened, it allows us to understand, and have the relief that other parts of the ecosystem are not affected.
This exploit comes as a significant blow just as the FUD on myself had calmed and the KODA price was creeping up. For this I/ we can only apologise, and rest assured we are focused on learning from mistakes and making the overall ecosystem stronger as a result of this exploit going forwards. I have no news on what happens next yet, today’s concern was focused on explaining what happened first.
In the meantime we will be updating the websites to link to this blog post and hopefully prevent anyone buying KAPEX again as this is likely to be unrecoverable in any way.
Similar exploit documented on coin telegraph.
How its done