SpankChain, a blockchain-based porn website built on the Ethereum network, announced via a blog post on Oct. 9 that it had been hacked and lost a total of 165.38 ETH (approx. $38,000) and BOOTY worth $4,000. Users lost 34.99 ETH (approx. $8,000) and 1,271.88 BOOTY (approx. $9,300), and SpankChain lost the remaining balance. The unknown hackers took advantage of a “reentrancy” bug, similar to the one exploited in the 2016 The DAO hack. The hack or its success is partly due to SpankChain foregoing a security audit because of high costs.
In the blog post, the SpankChain team said:
“Unfortunately, as we were in the middle of investigating other smart contract bugs, we didn’t realize the hack had taken place until 7:00 pm PST Sunday, at which point we took Spank.Live offline to prevent any additional funds from being deposited into the payment channels smart contract.”
Damage Control
The SpankChain team will reimburse all the customer funds lost in the hack through an airdrop. The reimbursement funds will be deposited into the customers’ SpankPay accounts but will only be available after the platform has been rebooted.
The platform will shut down its camsite services for two to three days or more if need be. During this time, the platform will patch the exploited smart contract and redeploy it in order to prevent the repeat of a similar incidence.
Spank.Live will be updated so that it can use a new payment channel. The platform will airdrop ETH to affected customers and also fix the bugs they were working on prior to the hack. In the following days, SpankChain will conduct an “in-depth investigation” of the hack.
The company partly took responsibility for the hack and mentioned that it had decided to skip a security audit for the smart contract payment channel. It skipped the security audit because it is expensive as they had paid $17,000 for a previous audit.
In a pledge to improve their security, the SpankChain team said:
“[We are] making sure to get multiple internal audits for any smart contract code we publish, as well as at least one professional external audit.”
Cryptocurrencies and the Adult Industry
Launched in 2017, SpankChain raised approximately $24 million in its initial coin offering. SpankChain was created to lower commission fees for cam girls from around 50–70 percent to as low as 5 percent.
In recent times, the adult entertainment industry has been moving toward leveraging blockchain technology to facilitate private and anonymous transactions by using cryptocurrencies as a method of payment.
In April, Pornhub, an adult entertainment website that received 28.5 billion visits in 2017, generated a great deal of buzz when it announced that it was partnering with Verge cryptocurrency. However, TheNextWeb reported in September that less than 1 percent of Pornhub users bought subscriptions using cryptocurrencies.
