Tech | 2 months ago | Ed Drake
Adult industry payment platform saves own ass after getting spanked
SpankChain, a blockchain-based payment service solution for the adult industry, has disclosed the details of a hack that resulted in losses equivalent to $38,000.
As a result of a broken smart contract, a hacker was able to break into the SpankChain platform and siphon funds from some of its users by exploiting a reentrancy bug, the same bug that has previously been used to attack The DAO.
The attack resulted in the loss of 165.38 ETH and left $4,000 worth of BOOTY immobilized on the platform. The total balance was divided between SpankChain and some of its users, and the organisation came in for sharp criticism over the event.
Explaining the nuts and bolts of the attack, the firm posted an update on Medium: “In short, the attack capitalized on a ‘reentrancy’ bug, much like the one exploited in The DAO. The attacker created a malicious contract masquerading as an ERC20 token, where the ‘transfer’ function called back into the payment channel contract multiple times, draining some ETH each time.”
According to SpankChain, “The malicious contract first called createChannel to set up the channel, then called LCOpenTimeout repeatedly via reentrancy. The LCOpenTimeout is there to allow users to quickly exit payment channels which have not yet been joined by the counter-party.”
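The call ordering SpankChain describes, as an added illustration that is not part of the original article and is not SpankChain's contract code: a simplified Python model in which a ledger refunds a channel deposit and calls the token's transfer either before or after it marks the channel closed. The names `Ledger`, `ReentrantToken` and `run`, and all balances, are constructed assumptions.

```python
# Added illustration: a Python model of the call ordering, not SpankChain's contract.

class Ledger:
    """Toy payment-channel ledger holding ETH for many users."""

    def __init__(self, pooled_eth, effects_first):
        self.eth = pooled_eth               # ETH held on behalf of other users
        self.effects_first = effects_first  # True = checks-effects-interactions
        self.channels = {}                  # channel id -> (owner, token, deposit)
        self.paid_out = {}                  # owner -> ETH sent back

    def create_channel(self, cid, owner, token, deposit):
        self.eth += deposit
        self.channels[cid] = (owner, token, deposit)

    def lc_open_timeout(self, cid):
        if cid not in self.channels:
            raise LookupError("channel is not open")
        owner, token, deposit = self.channels[cid]
        if self.effects_first:
            del self.channels[cid]          # state change BEFORE any external call
        self.eth -= deposit
        self.paid_out[owner] = self.paid_out.get(owner, 0) + deposit
        token.transfer(self, cid)           # external call into untrusted code
        self.channels.pop(cid, None)        # vulnerable order: state change AFTER


class ReentrantToken:
    """Constructed stand-in for a token whose transfer calls back into the ledger."""

    def __init__(self, reentries):
        self.reentries = reentries

    def transfer(self, ledger, cid):
        if self.reentries > 0:
            self.reentries -= 1
            try:
                ledger.lc_open_timeout(cid)
            except LookupError:
                pass                        # channel already closed: nothing refunded


def run(effects_first, pooled_eth=10, deposit=1, reentries=3):
    """Return (ETH paid to the channel owner, ETH left in the ledger)."""
    ledger = Ledger(pooled_eth, effects_first)
    ledger.create_channel("c1", "caller", ReentrantToken(reentries), deposit)
    ledger.lc_open_timeout("c1")
    return ledger.paid_out["caller"], ledger.eth
```

With the state change after the external call, a 1 ETH deposit is refunded four times out of the pooled balance; with the state change first, the callback finds the channel closed and only the original deposit leaves the ledger.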
On Thursday, SpankChain CEO Ameen Soleimani confirmed that “the stuck BOOTY has been recovered.”
Operation "Save My Ass" is a success. The stuck BOOTY has been recovered. https://t.co/OpuHPWDXl5
— Ameen Soleimani (@ameensol) October 12, 2018
The now-resolved SpankChain hack comes as only the latest example of a significant hacking event affecting a crypto platform, with scams and hacks rapidly increasing in number over the last few months.
SpankChain acknowledged that it could have commissioned a security audit on the smart contract, which may have identified the weakness before it was exploited. However, this would have cost around $50,000, more than the total of the losses incurred.
Either way, SpankChain committed to tightening security as it continues to expand, saying, “As we move forward and grow, we will be stepping up our security practices, and making sure to get multiple internal audits for any smart contract code we publish, as well as at least one professional external audit.”