Categories: Ethereum

‘We Got Spanked’: Adult Entertainment ICO Suffers $38,000 Hack

Click here to view original web page at www.ccn.com

“We got spanked.”

That’s the message that SpankChain, the adult entertainment website funded through an initial coin offering (ICO), used to inform its users that a hacker had exploited a bug in one of its smart contracts to abscond with 165.38 ETH, worth about $38,000 at the time of the theft. Another $4,000 worth of the platform’s ICO token, BOOTY, was immobilized as a result of the breach, bringing the total economic impact of the hack to about $42,000.

The hack occurred at roughly 6 pm PST on Saturday, though the company did not discover the theft until the following evening, at which point it took the website offline to prevent further breaches.

“Unfortunately, as we were in the middle of investigating other smart contract bugs, we didn’t realize the hack had taken place until 7:00pm PST Sunday, at which point we took Spank.Live offline to prevent any additional funds from being deposited into the payment channels smart contract,” the announcement read.

According to SpankChain, the hacker exploited a “reentrancy” bug, similar to the one used in the infamous DAO hack.

“In short, the attack capitalized on a ‘reentrancy’ bug, much like the one exploited in The DAO. The attacker created a malicious contract masquerading as an ERC20 token, where the ‘transfer’ function called back into the payment channel contract multiple times, draining some ETH each time.”
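The control flow described in that statement can be modeled in a few lines. This is an added illustration in Python, not SpankChain's contract code: the class names, the 5 ETH channel deposit and the 20 ETH contract balance are all constructed. It contrasts a close routine that updates its bookkeeping after calling the untrusted token with one that follows the checks-effects-interactions ordering.

```python
# Simplified model of the control flow only; names and amounts are constructed.

class CallbackToken:
    """Untrusted token: its transfer() calls back into the channel contract."""
    def __init__(self, reentries):
        self.reentries = reentries

    def transfer(self, channel, to):
        if self.reentries > 0:
            self.reentries -= 1
            channel.close(to)            # re-enter before the outer close() finishes
        return True


class VulnerableChannel:
    """Pays out, calls the token, and only then clears the recorded balance."""
    def __init__(self, pool_eth, deposit_eth, token):
        self.pool = pool_eth             # ETH the contract holds for all users
        self.deposit = deposit_eth       # ETH recorded for this one channel
        self.token = token
        self.paid = 0

    def _send_eth(self, amount):
        self.pool -= amount
        self.paid += amount

    def close(self, user):
        if self.deposit == 0:
            return
        self._send_eth(self.deposit)     # interaction
        self.token.transfer(self, user)  # interaction with untrusted code
        self.deposit = 0                 # effect, applied too late


class HardenedChannel(VulnerableChannel):
    """Checks-effects-interactions: clear the balance before any external call."""
    def close(self, user):
        amount, self.deposit = self.deposit, 0   # effect first
        if amount == 0:
            return                       # a re-entrant call finds nothing to pay
        self._send_eth(amount)
        self.token.transfer(self, user)


def simulate(channel_cls, reentries=3):
    """Close one 5 ETH channel in a contract holding 20 ETH; return (paid, left)."""
    channel = channel_cls(pool_eth=20, deposit_eth=5, token=CallbackToken(reentries))
    channel.close("user")
    return channel.paid, channel.pool
```

In the vulnerable ordering a single 5 ETH channel empties the whole 20 ETH balance; with the balance cleared first, the nested calls pay nothing.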

The company admitted that it had failed to pay for a security audit of its payment channel smart contract, which could have cost as much as $50,000 — well above the amount of funds affected by the hack. Nevertheless, SpankChain said that it realizes now that it should have paid for the audit, expensive though it may have been.

“As we move forward and grow, we will be stepping up our security practices, and making sure to get multiple internal audits for any smart contract code we publish, as well as at least one professional external audit,” the company said.

Most of the affected funds belonged to SpankChain. However, about $9,300 worth of the stolen and immobilized funds belonged to users. Consequently, the company, which raised $7.2 million through its ICO in late 2017, said that it would airdrop $9,300 in ETH to affected users’ SpankPay accounts following the website’s reboot within the next several days.

As CCN reported, SpankChain is just the latest in a long line of Ethereum projects that have lost money when hackers exploited bugs in their smart contracts.

In July, decentralized exchange (DEX) Bancor lost $23 million in ETH and other Ethereum tokens when a hacker compromised a wallet used to upgrade some of the platform’s smart contracts. That same month, KICKICO lost 70 million KICK worth $7.7 million when a hacker managed to gain control of the project’s smart contract.

Previously, a smart contract governing multi-signature Ethereum wallets suffered multiple security breaches, resulting in a $32 million theft and $150 million in permanently frozen funds. Such hacks have led Litecoin creator Charlie Lee to suggest that Solidity, the native programming language of Ethereum smart contracts, is a “hacker paradise.”

However, the problem is not isolated to Ethereum. In September, several decentralized applications (dApps) running on the EOS network were exploited as the result of smart contract bugs as well. At least two gambling dApps were affected, losing a collective $260,000 when hackers discovered a way to place bets without having to stake any real tokens, allowing them to gamble consequence-free.

Published by
cinerama
