SpankChain Loses $38,000 in Recent Cyber Attack
SpankChain, an adult entertainment website funded by an ICO for its BOOTY token, has been hit with a security breach worth thousands of dollars. According to an official announcement posted on the website, attackers exploited a bug in one of the company’s smart contracts, resulting in the loss of more than 165 ETH, equivalent to $38,000. BOOTY tokens worth an additional $4,000 were also frozen, bringing the overall loss to approximately $42,000.
Although SpankChain was not aware of the security breach until Sunday evening, reports confirmed that the attack took place on Saturday 6th October, sometime during the early evening hours. Upon discovering the loss of funds, SpankChain immediately took its website offline in order to cut the hackers off from accessing more funds.
SpankChain Taken Offline To Prevent Further Loss of Funds
According to the official statement released by the website, developers had been working on other known bugs in their smart contract system and were unaware that the attack had taken place until the next evening at 7:00pm. Once notified, they immediately took Spank.Live offline to prevent further loss of funds.
Company officials stated that the hackers targeted a bug similar to the one exploited in the well-known DAO cyber attack. The bug, known as reentrancy, was used by the hackers to enter the system disguised as a typical ERC20 token, which redirected funds through a payment channel contract several times. With each redirection, the hackers were able to drain Ether from existing funds.
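The reentrancy pattern described above, as an added example that is not SpankChain's contract code or part of the original article: a simplified Python model (class names, amounts and the callback depth are constructed assumptions) in which a payment channel pays out through an untrusted token. It shows the vulnerable ordering next to the hardened one, where the recorded deposit is cleared before the external call.

```python
# Simplified model of the bug class; all names and values are constructed.

class Channel:
    """Toy payment channel holding pooled funds for several depositors."""

    def __init__(self, pool, safe):
        self.pool = pool        # total funds held by the channel contract
        self.deposits = {}      # recorded deposit per user
        self.safe = safe        # True = update state before the external call

    def open(self, user, amount):
        self.pool += amount
        self.deposits[user] = amount

    def close(self, user, token):
        amount = self.deposits.get(user, 0)
        if amount == 0:
            return                          # check: nothing left to pay out
        if self.safe:
            self.deposits[user] = 0         # effect first (hardened ordering)
        self.pool -= amount
        token.transfer(self, user, amount)  # interaction: untrusted external code
        if not self.safe:
            self.deposits[user] = 0         # too late: callee may have re-entered


class CallbackToken:
    """Constructed stand-in for an untrusted token whose transfer calls back."""

    def __init__(self, depth):
        self.depth = depth
        self.received = 0

    def transfer(self, channel, user, amount):
        self.received += amount
        if self.depth > 0:
            self.depth -= 1
            channel.close(user, self)       # re-enter before close() has finished


def run(safe):
    """Return (amount paid out, funds left in the channel) for a 1-unit deposit."""
    channel = Channel(pool=10, safe=safe)   # 10 units belong to other users
    token = CallbackToken(depth=3)
    channel.open("depositor", 1)
    channel.close("depositor", token)
    return token.received, channel.pool


if __name__ == "__main__":
    print("vulnerable ordering:", run(safe=False))
    print("hardened ordering:  ", run(safe=True))
```

In the vulnerable ordering the channel pays out more than the recorded deposit and dips into other users' funds; in the hardened ordering the re-entrant call finds a zero balance and returns.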
After discovering the hack, SpankChain admitted that it had not completed security audits of its smart contract payment channels, which would have cost the website up to $50,000. Although the fee required for maintaining security standards was in fact more than what was stolen in the recent attack, the company admits to learning a lesson on the importance of enforcing security despite steep costs.
As for the stolen assets, the majority of the funds were found to belong to the company itself; however, approximately $9,300 belonged to active users. As a result, SpankChain, which raised over $7 million during last year’s ICO, announced that all users affected by the incident will be reimbursed with ETH via airdrop.
Ether Smart Contract Program Fails to Stay Protected
According to CCN, the adult website joins the long list of ETH-based projects that have been targeted by cyber attacks because of smart contract bugs. July was a hot month for security breaches, as the Bancor exchange experienced a loss of ETH funds amounting to $23 million. In this case, hackers developed a digital wallet that was used to perform smart contract upgrades on Bancor’s platform. Later that month, KICKICO also lost funds amounting to $7.7 million via access to smart contract controls.
In addition, other smart contract breaches involving ETH wallets resulted in the loss of $32 million as well as the permanent immobilization of digital assets amounting to $150 million. According to Charlie Lee, industry figure and developer of Litecoin, Ether’s smart contract program is a hotspot for cyber attacks.
Despite the significant correlation, it appears that smart contract bugs on other networks have also been targeted by cyber attacks. During September, various dApps running on the EOS platform were also targeted. A minimum of two gambling networks lost a total of $260,000 due to a loophole discovered in the betting structure.