SpankChain ICO Project Suffers Losses Of About $38,000 After Hacking
SpankChain, an ICO project focused on content production for adult entertainment, was attacked by the hackers at 01:00 (UTC) on Monday, October 8, according to the company’s blog.
As a result of the cyber attack, the scammers managed to steal 165.38 ETH (approximately $38,000). The attackers got into the SpankChain system due to a bug in the smart contract of payment channels. Besides the ethers theft, the SpankChain BOOTY tokens worth $4000 were also blocked.
At 6pm PST Saturday, an unknown attacker drained 165.38 ETH (~$38k) from our payment channel smart contract which also resulted in $4,000 worth of BOOTY on the contract becoming immobilized. Here is what we know so far: https://t.co/wuwkZCxj5j— SpankChain (@SpankChain) 9 октября 2018 г.
The company's specialists managed to detect the hack only a day later because they were engaged in the elimination of other errors in smart contracts at that time. The Internet resource Spank.Live was taken offline to prevent the introduction of new bugs.
The company's clients owned $9300 of the stolen funds. SpankChain is ready to pay compensations, which will be sent to the victims’ accounts and will be available after the resumption of Spank.Live.
It takes from two to three days to eliminate the consequences of the cyber attack. During this time, all bugs that caused the hacking will be fixed, and the remaining problems of smart contracts will be resolved. According to the first conclusions made by the company's specialists, the hacker took advantage of the “reentrancy” vulnerability. The attacker disguised the malicious program as an ERC-20 token and withdrew a certain number of ethers, as indicated in the SpankChain statement.
As previously reported, cyber fraudsters tried to steal bitcoins using cheats for the game Fortnite.