SpankChain

SpankChain Hack $40K Loss

On October 9, 2018, SpankChain, a cryptocurrency project in the adult industry, reported that it has been the victim of a breach that has led to the theft of $40,000 in Ethereum (ETH).

The platform issued a block post in which the SpankChain platform’s team disclosed the hack. Interestingly enough, the post indicates that the hack took place on Sunday, but is only reporting it two days later.

The platform also reported that the hack was due to a bug on the network’s payment channel smart contract, which has also led to the freeze of $4,000 in SpainChain’s BOOTY token. Specifically, the platform posted:

“Unfortunately, as we were in the middle of investigating other smart contract bugs, we didn’t realize the hack had taken place until 7:00pm PST Sunday, at which point we took Spank.Live offline to prevent any additional funds from being deposited into the payment channels smart contract.”

Of the $40,000 in stolen cryptocurrency, $9,300 worth of ETH and BOOTY belonged to the platform’s users. The remainder of the funds belonged to the project. The platform indicated that it will send refunds:

“directly to users’ SpankPay accounts and will be available as soon as we reboot Spank.Live.”

The platform also warned of a 2-3 days’ delay while its developers work to patch the issues that led to the hack and to redeploy a new smart contract. The platform’s developers are also working to resolve outstanding smart contract issues. This activity may limit the use of BOOTY tokens.

The team also reported that the attack arose due to a “reentrancy” bug similar to the one responsible for the DAO hack in 2016. Specifically, the platform stated:

“The attacker created a malicious contract masquerading as an ERC20 token, where the ‘transfer’ function called back into the payment channel contract multiple claim, draining some ETH each time.”

The platform conceded that it refused to pay for a security audit for the payment channel contract because of the cost involved. In its post, the platform reported that

“taking into account both the perception value and opportunity cost of the time spent reacting to the hack, it would have been worth it.”

Finally, the platform concluded its post by pledging that it will improve security practices by “making sure to get multiple internal audits for any smart contract code we publish, as well as at least one professional external audit.”

[FREE] Get Our Best Crypto Trading, Mining & Investing Hacks:

*Action Required* Enter Your Email To Get Insight For Trending Coin News & Reviews

I will never give away, trade or sell your email address. You can unsubscribe at any time.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

16 − 14 =