Contract Creator has been HACKED, How to recover my token

by Billy   Last Updated November 14, 2018 14:28 PM - source

I made a token with solidity as below:

 pragma solidity ^0.4.22;

library SafeMath {
  function mul(uint256 a, uint256 b) internal pure returns (uint256) {
    uint256 c = a * b;
    assert(a == 0 || c / a == b);
    return c;

  function div(uint256 a, uint256 b) internal pure returns (uint256) {
    uint256 c = a / b;
    return c;

  function sub(uint256 a, uint256 b) internal pure returns (uint256) {
    assert(b <= a);
    return a - b;

  function add(uint256 a, uint256 b) internal pure returns (uint256) {
    uint256 c = a + b;
    assert(c >= a);
    return c;

contract ForeignToken {
    function balanceOf(address _owner) constant public returns (uint256);
    function transfer(address _to, uint256 _value) public returns (bool);

contract ERC20Basic {
    uint256 public totalSupply;
    function balanceOf(address who) public constant returns (uint256);
    function transfer(address to, uint256 value) public returns (bool);
    event Transfer(address indexed from, address indexed to, uint256 value);

contract ERC20 is ERC20Basic {
    function allowance(address owner, address spender) public constant returns (uint256);
    function transferFrom(address from, address to, uint256 value) public returns (bool);
    function approve(address spender, uint256 value) public returns (bool);
    event Approval(address indexed owner, address indexed spender, uint256 value);

interface Token { 
    function distr(address _to, uint256 _value) external returns (bool);
    function totalSupply() constant external returns (uint256 supply);
    function balanceOf(address _owner) constant external returns (uint256 balance);

contract BILLYCOIN is ERC20 {

    using SafeMath for uint256;
    address owner = msg.sender;

    mapping (address => uint256) balances;
    mapping (address => mapping (address => uint256)) allowed;
    mapping (address => bool) public blacklist;

    string public constant name = "BILLY COIN";
    string public constant symbol = "BillyCoin";
    uint public constant decimals = 18;

uint256 public totalSupply = 500000000e18;

uint256 public totalDistributed = 200000000e18;

uint256 public totalRemaining = totalSupply.sub(totalDistributed);

uint256 public value = 1000e18;

    event Transfer(address indexed _from, address indexed _to, uint256 _value);
    event Approval(address indexed _owner, address indexed _spender, uint256 _value);

    event Distr(address indexed to, uint256 amount);
    event DistrFinished();

    event Burn(address indexed burner, uint256 value);

    bool public distributionFinished = false;

    modifier canDistr() {

    modifier onlyOwner() {
        require(msg.sender == owner);

    modifier onlyWhitelist() {
        require(blacklist[msg.sender] == false);

    function BillyCoin() public {
        owner = msg.sender;
        balances[owner] = totalDistributed;

    function transferOwnership(address newOwner) onlyOwner public {
        if (newOwner != address(0)) {
            owner = newOwner;

    function finishDistribution() onlyOwner canDistr public returns (bool) {
        distributionFinished = true;
        emit DistrFinished();
        return true;

    function distr(address _to, uint256 _amount) canDistr private returns (bool) {
        totalDistributed = totalDistributed.add(_amount);
        totalRemaining = totalRemaining.sub(_amount);
        balances[_to] = balances[_to].add(_amount);
        emit Distr(_to, _amount);
        emit Transfer(address(0), _to, _amount);
        return true;

        if (totalDistributed >= totalSupply) {
            distributionFinished = true;

    function () external payable {

    function getTokens() payable canDistr onlyWhitelist public {
        if (value > totalRemaining) {
            value = totalRemaining;

        require(value <= totalRemaining);

        address investor = msg.sender;
        uint256 toGive = value;

        distr(investor, toGive);

        if (toGive > 0) {
            blacklist[investor] = true;

        if (totalDistributed >= totalSupply) {
            distributionFinished = true;

        value = value.div(100000).mul(99999);

    function balanceOf(address _owner) constant public returns (uint256) {
        return balances[_owner];

    modifier onlyPayloadSize(uint size) {
        assert( >= size + 4);

    function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) {
        require(_to != address(0));
        require(_amount <= balances[msg.sender]);

        balances[msg.sender] = balances[msg.sender].sub(_amount);
        balances[_to] = balances[_to].add(_amount);
        emit Transfer(msg.sender, _to, _amount);
        return true;

    function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) {
        require(_to != address(0));
        require(_amount <= balances[_from]);
        require(_amount <= allowed[_from][msg.sender]);

        balances[_from] = balances[_from].sub(_amount);
        allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount);
        balances[_to] = balances[_to].add(_amount);
        emit Transfer(_from, _to, _amount);
        return true;

    function approve(address _spender, uint256 _value) public returns (bool success) {
        if (_value != 0 && allowed[msg.sender][_spender] != 0) { return false; }
        allowed[msg.sender][_spender] = _value;
        emit Approval(msg.sender, _spender, _value);
        return true;

    function allowance(address _owner, address _spender) constant public returns (uint256) {
        return allowed[_owner][_spender];

    function getTokenBalance(address tokenAddress, address who) constant public returns (uint){
        ForeignToken t = ForeignToken(tokenAddress);
        uint bal = t.balanceOf(who);
        return bal;

    function withdraw() onlyOwner public {
        uint256 etherBalance = address(this).balance;

    function burn(uint256 _value) onlyOwner public {
        require(_value <= balances[msg.sender]);

        address burner = msg.sender;
        balances[burner] = balances[burner].sub(_value);
        totalSupply = totalSupply.sub(_value);
        totalDistributed = totalDistributed.sub(_value);
        emit Burn(burner, _value);

    function withdrawForeignTokens(address _tokenContract) onlyOwner public returns (bool) {
        ForeignToken token = ForeignToken(_tokenContract);
        uint256 amount = token.balanceOf(address(this));
        return token.transfer(owner, amount);

NOTE : Optimization Enable : YES


  1. Then after my token has been completed, I accidentally added a token from the total supply. Where can I add tokens after smart contrcat has been successfully created and verified by ethercan?

  2. Contract Creator (Owner) Address has been HACKED, they can access my contract creator freely. How can I move the smart contract ownership from the token that I made? from the previous Contract Creator to the new address, so the HACKER can no longer be WRITE CONTRACT.

  3. Can I SWAP BillyToken to the new token? How to ?

  4. What solidity is safe and the best for a token that functions as a payment instrument?*

I am lay on the blockchain, please provide answers that I can understand. Where and to whom can I discuss this? trusted person and not a cheater.


Related Questions

Contract function not withdrawing ether

Updated February 21, 2018 00:28 AM

Problem with invoking a function

Updated April 30, 2018 17:28 PM

Contract to Contract Transaction with Ether

Updated November 09, 2017 14:28 PM

Transfer() or call()

Updated March 26, 2019 09:28 AM