Stealing a tip from a stripper is like stealing candy from a child. It's just not pretty. Someone needs to tell this to the scoundrel who managed to steal 165.38 ETH ($34,000) using a bug in one of SpankChain's smart contracts.
SpankChain is an Ethereum-based smart contract, and BOOTY is an ERC-20 token that is issued to dancers during live webcam performances. During the hack, $4,000 worth of BOOTY tokens were also frozen due to a security breach.
SpankChain did not announce the attack on its website for the next 24 hours because it was busy investigating other smart contract errors and did not notice the incident. Although the investigation is still ongoing, the company explained in detail exactly how this happened, listing the attacker's address, the malicious contract and the internal transactions associated with it. It turns out that the hacker used the same bug that another hacker used in the attack on the DAO project: a "recursive call" bug, also known as reentrancy, which allows an attacker to repeatedly withdraw tokens and recollect ETH within the same transaction.
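The "recursive call" bug class mentioned above comes down to the order in which a contract pays out and updates its books. The following is an added illustration, not SpankChain's contract code: a toy Python model (all class names, function names and amounts are constructed) in which a payout hands control to the payee, shown with the flawed ordering and with the corrected update-before-pay ordering.

```python
# Toy model, constructed for illustration: a vault whose payout invokes a
# callback on the payee, standing in for an external call that transfers
# control to another contract.

class Vault:
    def __init__(self, order):
        self.order = order      # "pay_first" (flawed) or "update_first" (fixed)
        self.balances = {}      # credit recorded per account
        self.pool = 0           # funds the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def _send(self, payee, amount):
        self.pool -= amount
        payee.received += amount
        payee.on_receive(self)  # control passes to the payee here

    def withdraw(self, payee):
        amount = self.balances.get(payee.name, 0)
        if amount == 0:
            return
        if self.order == "pay_first":
            self._send(payee, amount)       # interaction before state update
            self.balances[payee.name] = 0   # too late: payee already re-entered
        else:
            self.balances[payee.name] = 0   # state update before interaction
            self._send(payee, amount)

class ReentrantPayee:
    """Payee whose receive hook calls withdraw() again, up to max_depth times."""
    def __init__(self, name, max_depth):
        self.name, self.received = name, 0
        self.depth, self.max_depth = 0, max_depth

    def on_receive(self, vault):
        if self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)

def simulate(order, reentries=3):
    """Return (amount paid to the payee, funds left in the vault)."""
    vault = Vault(order)
    vault.deposit("honest", 90)   # other users' funds
    vault.deposit("payee", 10)    # the payee is only owed 10
    payee = ReentrantPayee("payee", reentries)
    vault.withdraw(payee)
    return payee.received, vault.pool
```

With the flawed ordering the payee is paid its 10-unit credit once per nested call, because the recorded balance is still non-zero each time; with the corrected ordering the nested call sees a zero balance and returns immediately.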
It should be noted that SpankChain took this more seriously than many other sites that fall victim to security flaws, and has set itself the task of compensating all users who lost funds in the attack. The company plans to carry out an ETH airdrop on all of the stolen ETH and BOOTY worth $9,300.
The company has also now decided to pay an audit fee of $30,000 - $50,000, deeming Zeppelin's $17,000 audit to be insufficient. SpankChain said in a statement that paying more for security is a prudent, pragmatic decision.
The site has promised to improve its security practices in the future, and hopes that all users and dancers will collect even more BOOTY.
According to bitcoinist.com
