June 18th, 2016
In light of the recent events surrounding the hacking of 3,641,694ETH from The DAO we have the following announcement to make:
Upon learning of The DAO hack we immediately updated our public communication channels and effectively ‘suspended’ our crowdsale, by our own volition.
Twitter, Reddit, e-mail announcements were broadcast out to those who were interested in our token sale to not send the Crowdsale contract any more ETH and that we were under-going an extensive emergency security audit.
We probed our contracts and were also in discussion with various senior members of the community in order to exactly understand the level of threat that the ‘Crowdsale’, ‘beneficiary’ and ‘Token’ contract may have potentially exposed our valued token holders to.
During the time we were performing our DAO post-mortem security audits, we were comfortable in the fact that we were not (due to correct programming practices) exposed to the particular ‘recursive call’ attack that The DAO was. In fact we were confident of that from the start. Happy days.
However, I was not happy with just making sure we were protected against just that threat alone, so we pushed the security audit further. Upon a deeper inspection, we discovered that there is an ‘edge-case’ chance of a potential ‘attacking’ contract performing what is known as a ‘callstack attack’ against the Crowdsale contract.
You can read more about that particular risk here:http://hackingdistributed.com/2016/06/16/scanning-live-ethereum-contracts-for-bugs/
Upon learning this news I immediately had decided that in the sole interest of protecting our valued token holders ether, the absolute best decision for all those involved, was to simply refund the ETH to those that had made already made their decision to purchase our tokens.
You can see that transaction here:http://etherscan.io/tx/0x2ebb82bf040fb243fc34c0db501bdb5207c486ffe10edd4ca4e3c36f3d68af49
I want to make very it clear that it was always my absolute highest priority that our valued token holders ETH was entirely safe during this entire process. It was.
We had redundancy, on top of redundancy, on top of redundancy (literally). No matter what happened, the funds raised were safe during the entire time.
I would also just like to mention, that this is not the fault of the Ethereum protocol. Strict best-practice development methodology absolutely must be in place and adhered to at all times, and I personally, absolutely will not continue a project that has other people’s money at risk if there is even the slightest edge-case chance that it could have possibly faced the same fate as that of The DAO – even over a period as short as 7 days (our game contract is still WIP and we could have added the fix to it).
I would like to extend my deepest gratitude to all of our valued token holders (who showed great patience with us during these tough times).
We had an absolutely amazing couple of days during the period of our crowdsale, which raised 2,326ETH in under 5 days, and I think it goes to show just how strong the belief is in our platform.
I would also like to thank those members in the Ethereum community who surrounded us to aid in different areas of support during the time of this ‘black swan’.
All in all, thankfully, and at the end of all of this, I think if there is any good that will come out of all of this, (and there will be) is that there will be better future programming practices from the Ethereum developer community as a whole.
Let’s stick together, regroup, and come back even stronger. We can do this.
We will be making announcements in regards to our future plans.