- The heist reportedly occurred on Saturday, October 6, but the team only found out on Sunday evening.
- SpankChain claims the hacker exploited a ‘reentrancy’ bug in its system.
- SpankChain has pledged to airdrop $9,300 worth of ETH to affected customers.
SpankChain (SpankCoin), the distributed ledger technology (DLT) project focused on revolutionising the adult entertainment industry, has been ‘spanked’ by hackers, who absconded with 165.38 ETH and roughly $4,000 worth of its BOOTY tokens, according to a report by the startup on October 9, 2018.
Hackers Spank SpankChain ICO Hard
SpankChain, the initial coin offering (ICO) funded project for the adult entertainment industry, has fallen victim to cryptocriminals.
The site, which claims to be a ‘cryptoeconomic powered adult entertainment ecosystem’ built on the Ethereum smart contracts blockchain, was compromised on Saturday, October 6, 2018, and the rogue actors reportedly stole 165.38 ETH, worth roughly $38,000 at the time, plus another $4,000 worth of its native BOOTY altcoin.
Per SpankChain, the team only discovered that a large part of its funds was missing on Sunday evening at about 7:00 pm PST, while investigating ‘other smart contract bugs,’ and promptly took the platform offline to avoid further damage.
Hackers Capitalized on a ‘Reentrancy’ Bug in the System
Experts say the Ethereum smart contracts distributed ledger has only a 0.36 percent fail rate; however, firms that deploy these smart contracts are required to carry out audits continually to ensure their code is bug-free.
The SpankChain team, which uses smart contracts for its payment channels, admitted it refused to pay $50,000 for a security audit of its smart contracts because it felt the exercise was quite expensive. Hackers have now capitalised on the ‘reentrancy’ loophole in its code to wreak havoc on the platform.
“The attacker capitalized on a ‘reentrancy’ bug, much like the one exploited in the DAO,” said the team, adding “The hacker created a malicious contract masquerading as an ERC-20 token, where the ‘transfer’ function called back into the payment channel contract multiple times, draining some ETH each time.”
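The ordering flaw behind the callback described above can be seen in a small model. This is an added Python illustration, not SpankChain's contract code; the class names, balances and the `simulate` helper are all hypothetical, and the model compares a channel that clears the caller's balance after the external token call with one that clears it first and holds a reentrancy lock.

```python
# Added illustration: a toy model, not SpankChain's contract. All names are hypothetical.
class Channel:
    """Toy payment channel that pools ETH from several depositors."""
    def __init__(self, safe):
        self.safe = safe        # True: state update before the external call, plus a lock
        self.pool = 0           # total ETH held by the contract
        self.deposits = {}      # user -> ETH that user may withdraw
        self.locked = False     # reentrancy guard flag

    def deposit(self, user, amount):
        self.deposits[user] = self.deposits.get(user, 0) + amount
        self.pool += amount

    def close(self, user, token):
        if self.safe and self.locked:
            raise RuntimeError("reentrant call rejected")
        amount = self.deposits.get(user, 0)
        if amount == 0 or self.pool < amount:
            return
        self.locked = True
        try:
            if self.safe:
                self.deposits[user] = 0   # effect before interaction
            self.pool -= amount           # ETH leaves the contract
            token.transfer(self, user)    # external call into untrusted token code
            if not self.safe:
                self.deposits[user] = 0   # effect after interaction: too late
        finally:
            self.locked = False

class CallbackToken:
    """Untrusted 'token' whose transfer() calls back into the channel."""
    def __init__(self, reentries):
        self.remaining, self.blocked = reentries, 0

    def transfer(self, channel, user):
        if self.remaining > 0:
            self.remaining -= 1
            try:
                channel.close(user, self)
            except RuntimeError:
                self.blocked += 1         # the guard refused the nested call

def simulate(safe, reentries=3):
    ch = Channel(safe)
    ch.deposit("honest", 30)              # constructed sample balances
    ch.deposit("caller", 10)
    token = CallbackToken(reentries)
    ch.close("caller", token)
    return {"paid_out": 40 - ch.pool, "pool_left": ch.pool, "blocked": token.blocked}
```

With the balance cleared only after the external call, a caller entitled to 10 units drains the whole pool of 40; with the update moved first and the lock in place, the nested call is rejected and only the 10 units owed are paid.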
Importantly, the SpankChain team has pledged to step up its security and get both internal and external audits for the smart contracts on its platform as it continues to grow.
Despite the ongoing crypto market downturn, cybercriminals have not ceased taking advantage of bugs present in blockchain platforms.
As reported by Blockchain Reporter on September 15, 2018, EOSBETCasino lost about 44,000 EOS tokens to hackers who exploited a vulnerability on its platform.