According to the SpankChain, a provider of a blockchain-powered payment service solution for the adult entertainment industry, the company’s payment channel was attacked by an unknown hacker on Thusday. The attacker stole around $38,000 (165.38 ETH). The attack resulted in $4,000 worth of BOOTY on the contract becoming immobilized. About the half of that ETH/BOOTY belonged to the users.
SpankChain explained that the hacker had exploited a “reentrancy” bug, and had created "a malicious contract masquerading as an ERC20 token, where the 'transfer' function called back into the payment channel contract multiple times, draining some ETH each time." The company also admitted foregoing a security audit for the payment channel contract because of its significant cost between $30,000 and $50,000.
Last night the SpankChain CEO Ameen Soleimani spoke to the hacker on the phone and reached a deal with him or her. As a result, the attacker returned the funds to the company's ETH wallets, helping to recover 4000 BOOTY tokens that had been "immobilized"as a result of the attack.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.