SpankChain, Adult Website Built on the Ethereum Platform, Foregoes Security Audit, Gets Hacked
SpankChain, a blockchain-based porn website built on the Ethereum network, announced via a blog post on Oct. 9 that it had been hacked and lost a total of 165.38 ETH (approx. $38,000) and BOOTY worth $4,000. Users lost 34.99 ETH (approx. $8,000) and 1,271.88 BOOTY (approx. $9,300), and SpankChain lost the remaining balance. The unknown hackers took advantage of a “reentrancy” bug, similar to the one exploited in the 2016 The DAO hack. The hack or its success is partly due to SpankChain foregoing a security audit because of high costs.
In the blog post, the SpankChain team said:
“Unfortunately, as we were in the middle of investigating other smart contract bugs, we didn’t realize the hack had taken place until 7:00 pm PST Sunday, at which point we took Spank.Live offline to prevent any additional funds from being deposited into the payment channels smart contract.”
The SpankChain team will reimburse all the customer funds lost in the hack through an airdrop. The reimbursement funds will be deposited into the customers’ SpankPay accounts but will only be available after the platform has been rebooted.
The platform will shut down its camsite services for two to three days or more if need be. During this time, the platform will patch the exploited smart contract and redeploy it in order to prevent the repeat of a similar incidence.
Spank.Live will be updated so that it can use a new payment channel. The platform will airdrop ETH to affected customers and also fix the bugs they were working on prior to the hack. In the following days, SpankChain will conduct an “in-depth investigation” of the hack.
The company partly took responsibility for the hack and mentioned that it had decided to skip a security audit for the smart contract payment channel. It skipped the security audit because it is expensive as they had paid $17,000 for a previous audit.
Odiginal link: https://blokt.com/news/spankchain-adult-website-built-on-the-ethereum-platform-foregoes-security-audit-gets-hacked