SOAR COIN - Beware of a Backdoor Exploit!

Police in Queensland are investigating one of the first instances of a company swiping cryptocurrency using a software backdoor after a business deal went bad.

A transaction between Byte Power Party Ltd. of Newstead, Queensland, and Soar Labs of Singapore occurred where over 300 million SOAR coins were transferred to Byte Power for a 49% stake in the company by Soar Labs. The deal involved over $5 million of SoarCoins.

Byte Power then decided to sell off some of it's many coins which Soar Labs did not want as this would then put downward pressure on the value of the ERC-20 token. On February 12th this year, 214 million SoarCoin tokens were withdrawn from their e-wallets, worth around $6.6 million by Soar Labs.

So how did Soar Labs reclaim its coins? The identified problem is a backdoor within the coin's code. The way in which the smart contracts were written allowed Soar Labs to remove the coins, which the company itself wasn't aware of at the time until the coins were actually taken.

The smart contract of the token has a zero-fee transaction function that can only be called by the owner of the Ethereum smart contract, which in this case would be Soar Labs. With a function such as this within the smart contract, Soar Labs can rewrite balances at will which doesn't make it a very secure option for investment.

I am sure there are many examples of this type of code in smart contracts out there, this one was just exposed via a very large business deal.

Thanks for reading!

Come and join us in the Team Australia Discord Channel