SpankChain, the Ethereum-based adult site, has had its smart contract hacked. Its announcement read:
At 6pm PST Saturday, an unknown attacker drained 165.38 ETH (~$38,000) from our payment channel smart contract which also resulted in $4,000 worth of BOOTY on the contract becoming immobilized. Of the stolen/immobilized ETH/BOOTY, 34.99 ETH (~$8,000) and 1271.88 BOOTY belongs to users (~$9,300 total), and the rest belonged to SpankChain.
To compensate for lost funds, SpankChain is planning an airdrop of ETH to its affected users. In addition, SpankChain’s website will be down for at least 2-3 days while the smart contracts are being upgraded.
The hack is still under investigation, but according to SpankChain:
The attack capitalized on a “reentrancy” bug, much like the one exploited in The DAO. The attacker created a malicious contract masquerading as an ERC20 token, where the “transfer” function called back into the payment channel contract multiple times, draining some ETH each time.
On the SpankChain platform, payment channels are used to facilitate off-chain transactions between users and performers. These payment channels provide fast, affordable transactions – similar to Bitcoin’s Lightning Network.
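The reentrancy pattern described in the announcement, as an added example that is not SpankChain's contract code or part of the original article: a simplified Python model (not Solidity) of a channel that calls a user-supplied token's `transfer` before marking itself closed, next to the same logic with state updated first. The class names, the `simulate` helper and the balances are all constructed for illustration.

```python
# Toy model (constructed for illustration): integer "ETH" units, no real EVM semantics.
class ReentrantToken:
    """Stand-in for a token whose transfer() calls back into its caller."""
    def __init__(self, callbacks):
        self.callbacks = callbacks

    def transfer(self, channel):
        if self.callbacks > 0:
            self.callbacks -= 1
            try:
                channel.close()          # re-enter before the first close() finishes
            except RuntimeError:
                pass                     # hardened contract refused the re-entry

class Channel:
    """One payment channel inside a contract that also holds other users' ETH."""
    def __init__(self, pool_eth, deposit_eth, token, hardened):
        self.pool_eth = pool_eth         # all ETH held by the contract
        self.deposit_eth = deposit_eth   # ETH owed to this channel's opener
        self.token = token               # token contract chosen by the opener
        self.hardened = hardened
        self.is_open, self.paid_out = True, 0

    def _pay(self, amount):
        if amount > self.pool_eth:
            raise RuntimeError("insufficient contract balance")
        self.pool_eth -= amount
        self.paid_out += amount

    def close(self):
        if not self.is_open:
            raise RuntimeError("channel already closed")
        if self.hardened:
            # Checks-effects-interactions: update state, then touch external code.
            self.is_open = False
            amount, self.deposit_eth = self.deposit_eth, 0
            self._pay(amount)
            self.token.transfer(self)
        else:
            # Vulnerable order: the channel is still open during the external call.
            self._pay(self.deposit_eth)
            self.token.transfer(self)
            self.is_open = False

def simulate(hardened, callbacks):
    """Close a 10-unit channel in a 100-unit contract; return (paid_out, pool_left)."""
    ch = Channel(100, 10, ReentrantToken(callbacks), hardened)
    ch.close()
    return ch.paid_out, ch.pool_eth
```

With the vulnerable ordering, each callback repeats the 10-unit payout out of funds belonging to other users; with state updated first, the nested call is rejected and only the original deposit leaves the contract.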
In their announcement, SpankChain admits they did not secure their code: “It was our decision to forego a security audit for the payment channel contract.”
The rationale for skipping the security audit was that these payment channels would never hold much money. Considering how expensive smart contract security audits are, they decided to skip third-party auditing. After this hack, SpankChain will be hiring teams to perform security audits and double-check for bugs.
Launched in 2017, SpankChain is a dApp that aims to decentralize the adult streaming services industry.
Current websites charge exorbitant fees, taking 30-40% of the camgirls’ revenue. SpankChain, however, aims to lower fees (to around 5%) while also empowering those appearing on its site with censorship-resistant money.
Many performers in the adult industry have trouble with banking – payments are often blocked or frozen by PayPal. SpankChain hopes to use the Ethereum blockchain to make streaming more affordable and reliable for its performers.
According to ICOBench, SpankChain raised $24M during their ICO, which was done in October & November 2017. The platform runs on a multi-token model. SPANK is the main token. 1 billion SPANK were produced after the ICO.
Users can stake the SPANK token to receive BOOTY tokens. The BOOTY token is not sold on the open market. Instead, BOOTY can be exchanged for a $1 credit in SpankChain infrastructure fees. However, the SpankChain platform (fees and donations) can be paid for with BTC or ETH.
SPANK is trading at the time of writing at 0.00032 BTC, as shown in the chart below from CryptoCompare.