Vulnerability in the payment channel of smart contracts of the entertainment blockchain platform for adults SpankChain allowed attackers to steal $ 38,000 in Ethereum and native tokens of the BOOTY project. This is what the SpankChain team reported in a post on Medium entitled “We were spanked: what is known at the moment.”
$ 9,300 of the stolen funds belonged to users of the Ethereum site, the remaining amount – SpankChain. The project team stated that the theft was committed because of a vulnerability called “recursive challenge”, which in 2016 led to the cracking of The DAO .
“The attackers created a malicious contract that disguised as an ERC-20 token, where the“ transfer ”function repeatedly returned to the payment channel contract and drained the funds,” the blog says.
The company learned about the burglary a day after the attack. At the time, the project froze $ 4,000 in BOOTY tokens on the SpankChain network.
According to representatives of the project, they are working on solving the problem. However, it will not affect the operation of the platform, the blog says. The SpankChain team also promised to pay damages to users.
Earlier, BlockchainJournal reported that a vulnerability in an EOS application's smart contract allowed a hacker to receive $ 200,000.
Subscribe to BlockchainJournal news in Telegram: BlockchainJournal Live – the entire news feed, BlockchainJournal – the most important news and polls.
BlockchainJournal.news
