BTC: $4,132.11 +3.45%
ETH: $157.77 +5.96%
XRP: $0.33069 +2.79%
MARKETCAP: $140,254,874,633
24H VOL: $27,654,634,238
BTC: 52%

Adult Entertainment Blockchain Platform ‘SpankChain’ Hacked for $42,000


It appears that even the most intimate of blockchain platforms aren’t safe from the ever-growing wave of large-scale hacks on the cryptocurrency and blockchain community. Yesterday, adult entertainment blockchain platform Spankchain announced in a blog post that on Saturday evening, while many were no doubt winding down from their challenging workweek, hackers stole 165.38 ETH (~$38,000) from the company’s payment channel smart contract. This resulted in additional $4,000 worth of BOOTY on the contract becoming immobilized.

“Of the stolen/immobilized ETH/BOOTY, 34.99 ETH (~$8,000) and 1271.88 BOOTY belongs to users (~$9,300 total), and the rest belonged to SpankChain,” reads the the company’s announcement.

SpankChain reports that it hadn’t realized that the hack had taken place until the company began research into non-related smart contract bugs on the platform beginning on Sunday evening. Once the hack was detected, Spank.Live was taken offline to prevent any additional funds from being deposited into the payment channels smart contract.

“Our immediate priority has been to provide complete reimbursements to all users who lost funds,” reads yesterday’s blog post. “We are preparing an ETH airdrop to cover all $9,300 worth of ETH and BOOTY that belonged to users. Funds will be sent directly to users’ SpankPay accounts, and will be available as soon as we reboot Spank.Live.”

The camsite is expected to be down for the next 2-3 days, and possibly longer. SpankChain is planning on redeploying the payment channel smart contract with a patch to prevent future hacks and update to use the new payment channel contract. All of the ETH and BOOTY lost in the attack will be returned to SpankPay accounts in an upcoming airdrop. The SpankChain team is preparing an in-depth investigation into the attack.

According to the announcement,

“By the time we reboot Spank.Live, all viewers and performers will have 100% of the total value in BOOTY+ETH they had in their SpankPay airdropped to their current SpankPay addresses, so users don’t need to do anything.

The site will continue to function exactly as it was before with a single exception — because of the 4,000 BOOTY currently immobilized, we will temporarily reduce the BOOTY limit for each viewer to 10 BOOTY. This means viewers will only be able to tip 10 BOOTY at a time, and upon spending all 10 BOOTY they will automatically recharge their 10 BOOTY with any extra ETH they have deposited, until they completely deplete their ETH balance.”

The attack capitalized on a “reentrancy” bug on the SpankChain platform, similar to the bug exploited in the DAO hack.

“The attacker created a malicious contract masquerading as an ERC20 token, where the ‘transfer’ function called back into the payment channel contract multiple times, draining some ETH each time,” the company reports.

SpankChain has openly stated that it made the decision to pass on a security audit for one of its previous unidirectional payment channel contracts this year by Zeppelin, which would have cost $17,000. At the time, the payment channel contract had yet to exceed $17,000.

In the wake of this weekend’s attack, Zeppelin has quoted an audit of a separate and more sophisticated non-custodial SpankChain payment channel contract to be between $30,00-$50,00, which SpankChain has accepted.

“As we move forward and grow, we will be stepping up our security practices, and making sure to get multiple internal audits for any smart contract code we publish, as well as at least one professional external audit,” SpankChain stated.

Join the NEW Unhashed Telegram or Follow Unhashed on Twitter for the Latest Cryptocurrency News Updates!

Bitcoin Bitcoin $4,132.11 +3.45%
Ethereum Ethereum $157.77 +5.96%
XRP XRP $0.33 +2.79%
EOS EOS $4.11 +6.09%
Litecoin Litecoin $51.54 +4.01%

Subscribe for the latest cryptocurrency news

Please enter a valid email address.
Something went wrong. Please check your entries and try again.

More Crypto News

Best Tether Wallets in 2019

January 14, 2019

Tether (USDT), the world’s most popular stablecoin, is designed to give users the stability of…

The 5 Best Stellar Wallets In 2019

January 3, 2019

Stellar and its XLM token were first launched in 2014 by Ripple co-founder Jed McCaleb.…

Best Bitcoin Cash Wallets in 2019: Picking a Bitcoin Cash Wallet for Your Needs

December 6, 2018

Bitcoin Cash (BCH), the controversial project forked from the original Bitcoin client, is now the…

Subscribe for the latest cryptocurrency news

Please enter a valid email address.
Something went wrong. Please check your entries and try again.
Scroll Up