Apply Now

    -

    Book a Session...

    Want to join the community and buy Koda but don't know where to start?
    We're hosting open sessions online and at our head office to talk you through every step of the process.

      Press Enquiries

      Welcome to the new 'Koda Cryptocurrency'. This is our official website. Contract address is: 0x8094e772fA4A60bdEb1DfEC56AB040e17DD608D5

      info@koda.finance TELEGRAM DISCORD

      What's On

      Please contact us if you would like more information on any of the events listed. Email: marketing@koda.finance

      KAPEX Exploit on 17th October 2022.

      < Return to news

      Oct 18 2022 | By

      KAPEX Exploit

       

      As you all have likely heard, regarding the recent KAPEX action, the news is as feared, unfortunately KAPEX has been compromised.

       

      We urge the community to not buy KAPEX going forwards.

       

      After investigating what happened, we can confirm that KODA or any other part of the ecosystem including SummitSwap has not been compromised.

      In this blog post I will be explaining the difference between KAPEX and KODA and why this was possible.

      But firstly to confirm the details, unfortunately KAPEX’s liquidity was drained by the hacker, this happened yesterday at approximately 16:00-16:30 (BST) (GMT +1) (17th October 2022).

      Initially from PancakeSwap, then KODA/KAPEX liquidity on SummitSwap was also removed, and sold immediately, resulting in two ~65m (65,579,646) KODA sales.

       


      Compromised wallet (KAPEX deployer): https://bscscan.com/address/0xf61fe76ea42f92c61bb293b23fa5fbf56f613cc9


      New Wallet that holds stolen funds:
      https://bscscan.com/address/0x16ba7917be5e8832c57bafbbd4131291cfcadc3c
      (At the time of writing they remain sat in this newly created wallet)

       

      Relevant transactions:

       

      Total result was a loss of ~78.84 BNB which is approximately $21,561.84

       

      It is clear that the hacker is very advanced and knew exactly what they were doing, there was unfortunately no opportunity to stop them.

      Some background, I consider myself very careful and knowledgeable in the crypto space, which is why this came as such a shock.
      The KAPEX deployer wallet that has been compromised was on a totally different set up to KODA’s and not linked to anything else other than KAPEX. I have not activated the wallet in some time, like any it is held securely and I have never shared the private key or other information. Our advice to the community is to never under any circumstances share this, so why would I break my own rule? Well in short, I didn’t.

       

      After the shock settled, I spent the first couple of hours doubting myself, doubting everyone around me, wondering if this was a personal attack, wondering how this was even possible.
      And as my brain kicked into gear I remembered that KAPEX was set up with a vanity address, this means the wallet was created using a separate system to normal. Not through metamask or the normal wallet providers. This allowed us to effectively choose the contract address to some level.
      To highlight what was done at the time, look at the KAPEX address, and you can see that 1144 and c0da are at the beginning and end respectively.

      KAPEX Contract: 0x11441afb1d10e3ce4e39666fc4f4a2a5d6d8c0da


      This is known as a vanity address, and since I investigated this, it is evident that there is a known vanity address exploit. You can google “vanity address exploit” to find out more information or take a look at the references below which have some insight.

       

      Note: KODA was NOT created using a vanity address, and therefore cannot be exploited in the same way.

      Whilst this does not make up for what has happened, it allows us to understand, and have the relief that other parts of the ecosystem are not affected.

       

      This exploit comes as a significant blow just as the FUD on myself had calmed and the KODA price was creeping up. For this I/ we can only apologise, and rest assured we are focused on learning from mistakes and making the overall ecosystem stronger as a result of this exploit going forwards. I have no news on what happens next yet, today’s concern was focused on explaining what happened first.

      In the meantime we will be updating the websites to link to this blog post and hopefully prevent anyone buying KAPEX again as this is likely to be unrecoverable in any way.

       

      James. CEO.

       

      References:

       

      Similar exploit documented on coin telegraph.

      How its done

       

      -