Proof of Weak Hands (PoWH) Coin hacked, 866 eth stolen
Recently, the Proof of Weak Hands (PoWH) coin was created and advertised itself as an autonomous and self-sustaining ponzi scheme. It was implemented as an ERC20 token on the Ethereum blockchain. It was a silly and funny coin, but it was also enticing for those chasing profits because of its promise of infinite dividends. You can read more about the coin here:
Within the last few hours, a bug was found within the coin's smart contract and exploited. The hackers ran away with over 866 ether.
Most believe that the bug was caused by integer overflow. The exploiters of the bug passed the largest possible integer (0xFFFFF...) into the smart contract. The result was that the exploiters could then obtain an obscenely large amount of the PoWH tokens. You can see the result of their transaction here (notice the amount of ProofOfWeakHands token they received):
Because of the way PoWH works, holders of the coins get dividends based on how many PoWH tokens they own. Therefore, they were able to exploit the token transfer above to steal all of the dividends, AKA all of the ether that was held in the smart contract. In total, they ran away with just over 866 ether. You can see this transaction here:
For what its worth, this exploit was not intentionally put in by the developers of PoWH in order to scam everyone. Therefore, there is an important lesson to be learned from this PoWH failure: Smart contracts are only as good as their developers. Just because smart contracts are decentralized, autonomous, and 'unmodifiable' does not mean they are safe or perfect.