Hackers Breach Smart Contract on Ethereum-Based Adult Entertainment Platform SpankChain

Published at: Oct. 10, 2018

Ethereum-based adult entertainment platform SpankChain has suffered a smart contract security breach that led to loss of around $38,000, the firm reported on its Medium page Oct. 9.

The hack, which purportedly took place Oct. 6, was detected by SpankChain a day after, and was announced today in a post entitled “We Got Spanked: What We Know So Far.”

Anonymous attackers managed to steal 165.38 Ethereum (ETH) or around $38,000 from the platform’s payment channel smart contract. Additionally, the security breach caused the immobilization of $4,000 worth of the SpankChain’s internal token called BOOTY.

While most of lost or immobilized funds belong to SpankChain itself, the platform claimed that client reimbursements are of “immediate priority.” The company will shortly repay $9,300 worth of Ethereum and Booty coins directly to users’ SpankPay accounts via Ethereum airdrop.

The SpankChain team has subsequently halted its camservice Spank.Live in order to prevent users from depositing via the payment channel smart contract. The website reboot is expected to take around two to three days in order to reset the payment channel smart contract, carry out airdrop reimbursements, reset native token distribution, and eliminate the security weakness.

The attack was related to a “reentrancy” bug similar to that which exploited The Decentralized Autonomous Organization (The DAO). The hacker reportedly created a malicious contract mimicking an ERC20 token, with a “transfer” function calling back into the payment channel smart contract multiple times in a loop, extracting Ethereum each time.

A smart contract is a protocol that enables the specific behavior of a contract by applying the terms of the agreement into the code, eliminating the need for a third party intermediary.

While smart contracts are reportedly “extremely difficult to hack,” they are still a young technology, and can be prone to bugs, which may in turn be exploited by scammers.The adult entertainment industry is increasingly taking advantage of cryptocurrencies and blockchain technology, mostly driven by the technology’s inherent anonymity, as well as a number of other benefits.

Tags
Related Posts
Smart contract standards: Making DeFi transactions on Ethereum more secure
Decentralized finance continues to make its impact on the crypto market, and with over $13 billion of total value of assets locked, DeFi projects are clearly resonating with eager crypto investors. Yet while the DeFi space has been progressing over the last year, a number of illegitimate projects have come to fruition, reminding some of the 2017 ICO boom and its subsequent bust. For example, Harvest Finance, a major decentralized protocol, was recently hacked. The attacker made away with $24 million from Harvest Finance pools. Most recently, Value DeFi, the decentralized finance protocol, fell victim to a $6-million flash loan …
Blockchain / Nov. 21, 2020
Synthetix Reverses Oracle Error-Caused Misplaced sETH in Exchange for a Bug Bounty
Following a recent oracle issue, asset issuance platform Synthetix will reverse the misplaced 37 million synthetic ether (sETH) in exchange for a bug bounty, Synthetix founder Kain Warwick stated on June 25. According to the statement, Synthetix has now resumed trading and transfers after the platform yesterday suffered an oracle error that led to several trades with profits of 1000x, resulting in more than $1 billion in profits in under an hour. Warwick, who is also CEO of Australia-based payment operator blueshyft, has described the details of the accident, noting that the error, which led one of APIs on the …
Ethereum / June 25, 2019
Recently Hacked Adult Entertainment Platform SpankChain Returns Stolen BOOTY, Ethereum
Ethereum-based adult entertainment platform SpankChain confirmed that it had recovered all the funds lost during a security breach October 6. In a series of tweets Friday, Oct. 12, officials said that after speaking by telephone with the hacker who stole 165 ETH ($32,000) from the project’s smart contract, he had agreed to return the amount in full. SpankChain had notified users about the breach a day after it occurred, promising to instigate reimbursements of lost money to affected investors. Of the total losses, only around $9,000 consisted of customer funds, it said. Linking to a transaction confirming the transfer, SpankChain …
Ethereum / Oct. 12, 2018
Are crypto and blockchain safe for kids, or should greater measures be put in place?
Crypto is going mainstream, and the world’s younger generation, in particular, is taking note. Cryptocurrency exchange Crypto.com recently predicted that crypto users worldwide could reach 1 billion by the end of 2022. Further findings show that Millennials — those between the ages of 26 and 41 — are turning to digital asset investment to build wealth. For example, a study conducted in 2021 by personal loan company Stilt found that, according to its user data, more than 94% of people who own crypto were between 18 and 40. Keeping children safe While the increased interest in cryptocurrency is notable, some …
Adoption / Feb. 26, 2022
What are the most bullish cryptocurrencies to buy right now? | Find out now on The Market Report
The Market Report with Cointelegraph is live right now. On this week’s show, Cointelegraph’s resident experts discuss what they believe are the top three most bullish coins one should take a closer look at. But first, market expert Marcel Pechman carefully examines the Bitcoin (BTC) and Ether (ETH) markets. Are the current market conditions bullish or bearish? What is the outlook for the next few months? Pechman is here to break it down. Next up: the main event. Join Cointelegraph analysts Benton Yaun, Jordan Finneseth and Sam Bourgi as each makes his case for the most bullish cryptocurrency right now. …
Decentralization / May 3, 2022