An attempt at collaboration between two companies, Byte Power Party of Australia and Soar Labs from Singapore ended in a massive loss due to a backdoor flaw. Up to $6.6 million in Soarcoins was lost after Soar Labs tried to buy Byte Power Party’s stakes without actually paying for them.
Back in June of the previous year, Byte Power Party released an announcement that a company from Singapore, Soar Labs, will buy 49% of Byte Power’s stakes. The company was to receive $5 million for this purchase, and Soar delivered $100,000 in fiat. The rest was paid in its cryptocurrency, Soarcoin, which was priced at $0.016 at the time. The company sent 306 million of Soarcoins, and everything seemed to be fine.
However, in January of this year, a large amount of those tokens were suspended. According to Soar Labs, this happened due to Byte Power’s scheme to sell the coins at a much higher rate in an attempt to earn enough to pay their debts. The total amount of frozen coins is 213.8 million, where 179.2 million units were in the possession of the company, and 34.9 million were held by the company’s CEO, Alvin Phua.
Soar Labs withdraws the coins
One month later, Byte Power contacted ASX (Australian Securities Exchange) stated that up to $6.6 million in this cryptocurrency was taken from the company’s e-wallets. After investigating, Nicholas Weaver discovered that the smart contract for the Soarcoins has a backdoor. Further details were not released, but it is known that the contract was designed in a way that would allow its issuer, in this case Soar Labs, to take the coins back, and completely fee-free at that.
It was also discovered that Soar can do this with Byte Power, but also with any other coin holders that have Soarcoin in their possession. Seth Lim, CEO of Soar Labs, confirmed the existence of a backdoor and stated that it is no secret that it exists, In fact, he blames Byte Power for not reviewing the code and noticing that the flaw is there.
Additionally, the CTO of Soar Labs, Beo Wenyuan, stated that the transaction had a zero-fee function, which can be seen in a source code and is completely public. This function was developed to be used in airdrops and various development activities.
Byte Power since issued a new announcement last month, stating that the company managed to reach a settlement with Soar Labs and the previous arrangement has been broken off. Not only will Soar Labs return the previously acquired shares, but it will also have to compensate Byte Power with 5 million Soarcoins, as well as $1.7 million. After this, the companies will go their separate ways.
The only thing that was left to be seen is whether or not the authorities will continue the criminal investigation. The biggest issue revolves around one question: did Soar Labs commit a crime by withdrawing the funds, considering that it partially owns Byte Power?
