SpankChain, a cryptocurrency project focused on the adult industry, lost almost $40,000 worth of Ethereum on Saturday due to a smart contract bug.
SpankChain is an Ethereum-based contract that uses Ethereum and a token called BOOTY to tip hot adult models during their live cam shows online.
According to the SpankChain developers, the attack occurred on Saturday at 6 PM IST. The hackers stole 165.38 Ethereum and 12701.88 BOOTY by exploiting a bug in SpankChain's smart contract.
According to reports, the hackers drained $38000 worth of ETH and $4000 worth of BOOTY, of which around $8000 and $1271 BOOTY belonged to users and the remainder belonged to SpankChain.
SpankChain is working on a fix and plans to replace the $9300 worth of Ethereum that was stolen from users. It will then take the online cam service offline while it fixes the bugs and upgrades to the latest payment channel contract, which is safer than the previous one.
HOW DID THE HACK HAPPEN?
According to the official announcement, the hackers used a reentrancy attack to get into the system and steal the funds.
[A reentrancy attack occurs when a hacker is able to call a function in a smart contract repeatedly before the previous call has finished executing. The hacker withdraws the cryptocurrency again and again before the contract figures out that there is no balance left.]
In this case, the hackers created a function that called back into the channel contract numerous times, sucking out ETH each time.
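The reentrancy pattern described above, as an added example that is not SpankChain's code: a simplified Python model of a contract whose withdraw function pays out before updating the balance, next to the hardened ordering that updates state first. The class, account names and amounts are constructed for illustration.

```python
class Channel:
    """Toy ledger standing in for a payment-channel contract (hypothetical)."""

    def __init__(self, deposits, guarded):
        self.balances = dict(deposits)       # credit recorded per account
        self.pool = sum(deposits.values())   # funds the contract actually holds
        self.guarded = guarded               # True: update state before paying out

    def withdraw(self, account, on_receive):
        amount = self.balances.get(account, 0)
        if amount == 0 or amount > self.pool:
            return 0
        if self.guarded:
            # Hardened ordering: record the effect, then make the external call.
            self.balances[account] = 0
            self.pool -= amount
            on_receive(amount)
        else:
            # Vulnerable ordering: the external call runs while the recorded
            # balance is still stale, so a nested withdraw passes the check again.
            self.pool -= amount
            on_receive(amount)
            self.balances[account] = 0
        return amount


def simulate(guarded, depth=10):
    """Return (total paid to the re-entering account, funds left in the pool)."""
    # Constructed sample state: another user holds 90, the caller holds 10.
    channel = Channel({"honest_user": 90, "caller": 10}, guarded)
    received = []

    def callback(amount):
        # Models code that runs on receipt and calls back into the contract
        # before the first withdraw has returned.
        received.append(amount)
        if len(received) < depth:
            channel.withdraw("caller", callback)

    channel.withdraw("caller", callback)
    return sum(received), channel.pool


if __name__ == "__main__":
    print("vulnerable:", simulate(guarded=False))
    print("hardened:  ", simulate(guarded=True))
```

In the vulnerable ordering the caller's 10 units of credit pay out ten times and empty the pool, including the other user's funds; in the hardened ordering the nested call sees a zero balance and pays nothing.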
ACTION TO BE TAKEN
The team will now undertake a deep investigation into the matter in the coming days. The SpankChain team had decided not to pay for a security audit. However, considering both the opportunity cost and the perception value of the time spent analyzing and reacting to the attack, the audit would have been worth it.
The team promised to improve its security standards, making sure to get a number of internal audits for any code it publishes.