The popular Ethereum-based platform focused on the adult entertainment industry, SpankChain suffered a security breach this week. This was the result of a smart contract bug that went unidentified in the code base.
Hackers made use of the bug by exploiting it to breach the platform’s smart contract system. Consequently, this resulted in the loss of over $40,000 from the users’ wallets.
The hack took place around October 6, 2018, and it took them another day to notice that it has happened.
About the Breach
The announcement came from their official Medium blog post with the unusual title: “We got Spanked: What we know so far”. The company stated this. “At 6pm PST Saturday, an unknown attacker drained 165.38 ETH (~$38,000) from our payment channel smart contract which also resulted in $4,000 worth of BOOTY on the contract becoming immobilized.”
The company stated that the hacker stole in total over 165.38 ETH from the wallets of the users’ and the company. SpankChain uses their native cryptocurrency token BOOTY. The immobilization of their token BOOTY equivalent to $4,000 also took place.
It took them over 24 hours to identify the breach and fix the bug in the code base. To ensure that the funds of the users’ stay safe, the webcam service platform was taken offline. The company stated this. “Unfortunately, as we were in the middle of investigating other smart contract bugs, we didn’t realize the hack had taken place until 7:00pm PST Sunday, at which point we took Spank.Live offline to prevent any additional funds from being deposited into the payment channels smart contract.”
Furthermore, in the coming days, SpankChain will reimburse the lost funds of the users. Over $9,000+ worth of Ethereum (ETH) token is going to be directly transferred to the users’ SpankPay wallets via airdrop.
Furthermore, they will move to patch the bug and integrate the fixed smart contract protocol into their platform.