Inside money, markets, and big tech

Porn-oriented cryptocurrency SpankChain skips security audit, gets hacked

SpankChain says a proper security audit would've cost too much


Another day, another cryptocurrency hack. Notorious blockchain startup SpankChain has temporarily taken down its adult streaming platform after attackers exploited its smart contracts to steal $38,000 worth of Ethereum.

The company, which aims to provide a cryptocurrency payment protocol for the adult industry, confirmed the hack on its official blog. SpankChain further said it expects its streaming platform will remain offline for the next couple of days (and possibly more), until all security flaws have been sorted.

The worst part is that it appears a chunk of the stolen funds belonged to SpankChain users. The company has since vowed it will conduct an airdrop to reimburse affected users.

As a result of the hack, $4,000 worth of SpankChain’s native token (BOOTY) has been frozen for the time being.

SpankChain says its team is still investigating the attack, but its preliminary analysis suggests the attackers created a malicious ERC20 contract (a popular Ethereum standard for tokens) in order to drain company assets.

A SpankChain spokesperson has since admitted the vulnerable smart contract never underwent proper security audits. “It was our decision to forego a security audit for the payment channel contract,” the company wrote, citing high auditing costs as the reason to forego the procedure.

As we move forward and grow, we will be stepping up our security practices, and making sure to get multiple internal audits for any smart contract code we publish, as well as at least one professional external audit,” SpankChain promised.

While blockchain marketers often tout the technology’s heightened security features as one of its selling points, SpankChain is hardly the only crypto-startup that has struggled to keep its audience safe this year.

Earlier this year, Bancor got hacked for $12.5 million worth of Ethereum. But thanks to a backdoor built into its smart contracts, the startup was able to reverse the transactions and claim back some of the stolen funds. Still, tons of blockchain purists criticized the company for baking in a feature to reverse transactions. After all, one of the most compelling aspects of blockchain technology is its immutability.

Craving more blockchain? Join us at Hard Fork Decentralized, our three-day event in London. We’ll discuss the industry’s future together. You can now register on our website!

Published October 9, 2018 — 14:58 UTC