Security Market Segment LS
Wednesday, 06 June 2018 17:48

Qld firm lost US$6.6m in cryptocurrency after deal soured Featured


Queensland-based company Byte Power Party has lost US$6.6 million in cryptocurrency, due to a backdoor in the currency, after a deal with Singapore's Soar Labs soured.

A report in Bankinfosecurity said Queensland police had launched a criminal investigation into the case. The two companies settled outside court last week.

Limited details about the case have been made public, but more of the story emerged at last week's AusCERT conference on the Gold Coast when an officer with Queensland's Financial and Cyber Crime Group mentioned the criminal probe, keeping the names of the companies out of his talk but pointing to the case as one that illustrated the risks of doing business deals with cryptocurrencies.

Bankinfosecurity said it had consulted many security professionals to try and ascertain the details and Rendition Infosec chief Jake Williams, a former NSA hacker, has discovered the business deal between Byte Power Group and Soar Labs. The details had been confirmed by the Queensland Police on Tuesday.

Soar Labs issued its own cryptocurrency in July 2017 with soarcoin being based on ethereum. The company announced about a month prior to the ICO that it would be taking a 49% stake in Byte Power Party, a subsidiary of Byte Power Group, and as part of the deal a cryptocurrency exchange would be set up in Australia.

While the 49% stake was valued at US$5 million, Soar Labs only contributed US$100,000 in cash with the balance paid as 306 million soarcoins; at that time a soarcoin was worth US$0.016.

Problems arose in January this year, with Byte Power Group informing the ASX that 79.2 million soarcoins held by Byte Power Party and another 34.6 million soarcoins held by its chief executive, Alvin Phua, had been temporarily suspended.

Two days before this, Soar Labs had claimed that Byte Power Group had not sold the soarcoins it owned at "manageable levels" and using what it obtained to pay off debts, which included pending salaries of directors.

The ASX was informed by Byte Power Group on 2 February that the soarcoins had been pilfered from its e-wallets on  January; it said 214 million soarcoins worth about US$6.6 million at the time had been taken.

The Singapore High Court came into the picture when Byte Power Group sought and obtained an injunction against Soar Labs, freezing some of its bank accounts and e-wallets.

The method by which Soar Labs took the soarcoins was by using a backdoor in the soarcoin code, according to Queensland Police. This was confirmed by a German company.

A spokesperson for Byte Power Group said it could not provide any more details apart from what it had provided to the ASX. But the spokesperson was willing to say that "the way in which the smart contracts were written allowed them [Soar Labs] to remove the coins, which the company itself wasn't aware of at the time until the coins were actually taken".

Bankinfosecurity said it had asked Nicholas Weaver, a researcher with the International Computer Science Institute, to look at the soarcoin code. He quickly discovered a zero-fee transaction function that could only be accessed by the owner of the smart contract – Soar Labs.

Said Weaver: "If I'm the account owner, I can call that function and transfer a balance from anybody to anybody. It's best described as a backdoor hiding in plain sight."

He added that the code meant the owner of the contract could rewrite balances at will.

Under a settlement reached by the two companies, Soar Labs will transfer its 49% stake in Byte Power Party to Byte Power Group, pay US$1.7 million and also give Byte Power Group five million soarcoins.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments