SpankChain Hacker Returns Stolen Ethereum, Earns $9,000 Reward

The hacker who stole nearly $40,000 in ethereum from adult entertainment startup SpankChain has returned the stolen cryptocurrency, the company announced last night.

According to messages posted on the company’s official Twitter account, SpankChain CEO Ameen Soleimani reached an agreement with the anonymous hacker after speaking to them on the phone.

Following that conversation, the hacker provided SpankChain with the private key to an address holding the stolen funds and then further helped the company retrieve a few thousand dollars’ worth of funds that had been immobilized during the attack.

In return, SpankChain sent the hacker $5,000 as a bounty reward, purchased the formerly-frozen tokens back from them for $4,000, and returned the 5.5 ETH the hacker had used when launching the attack in the first place.

As CCN reported, the hack occurred last Saturday when the attacker successfully exploited a “reentrancy” bug in one of SpankChain’s smart contracts. The bug, similar to the one that led to the infamous downfall of The DAO, allowed the attacker to trick the SpankChain contract into allowing them to withdraw funds, even after the attacker’s payment channel balance had gone below zero.
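A simplified Python model of the reentrancy pattern described above, added here as an illustration; it is not SpankChain's contract code, and the class names, callback and amounts are constructed. It puts a withdrawal that pays out before updating the ledger next to one that updates the ledger first (the checks-effects-interactions order).

```python
# Constructed model of a ledger that calls external code during withdrawal.
# All names and amounts are hypothetical; this is not SpankChain's contract.

class VulnerableVault:
    """Checks the balance, pays out, and only then updates the ledger."""
    def __init__(self):
        self.balances = {}
        self.pool = 0

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, amount, on_receive):
        if self.balances.get(who, 0) < amount:   # check
            raise ValueError("insufficient balance")
        self.pool -= amount
        on_receive(amount)                       # interaction: external code runs
        self.balances[who] -= amount             # effect: applied too late


class HardenedVault(VulnerableVault):
    """Same check, but the ledger is updated before any external call."""
    def withdraw(self, who, amount, on_receive):
        if self.balances.get(who, 0) < amount:   # check
            raise ValueError("insufficient balance")
        self.balances[who] -= amount             # effect first
        self.pool -= amount
        on_receive(amount)                       # interaction last


def simulate(vault_cls, depth=3):
    """Run one withdrawal whose receiver calls withdraw() again.

    Returns (total paid to caller, caller's ledger balance, remaining pool).
    """
    vault = vault_cls()
    vault.deposit("other_user", 10)
    vault.deposit("caller", 1)
    received = []

    def receiver(amount):
        received.append(amount)
        if len(received) < depth:
            try:
                vault.withdraw("caller", 1, receiver)  # re-entry
            except ValueError:
                pass  # hardened ledger already shows a zero balance

    vault.withdraw("caller", 1, receiver)
    return sum(received), vault.balances["caller"], vault.pool
```

In the vulnerable model every nested call passes the balance check because the ledger has not been updated yet, so the caller's recorded balance ends below zero and the shortfall comes out of other users' funds.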

The hacker originally made off with $38,000 in ethereum, and the attack immobilized a further $4,000 worth of SpankChain’s initial coin offering (ICO) token, BOOTY. Most of those funds belonged to the company, which had planned a $9,300 airdrop to compensate users for their losses.

Instead, the company paid out about $9,000 to the hacker, still far less than the $50,000 the company said that it would have cost to audit the smart contract prior to its deployment on the mainnet. However, the company has acknowledged in retrospect that the peripheral costs associated with forgoing that audit far exceeded the savings.

But while this specific incident was resolved remarkably amicably, computer scientist Emin Gün Sirer has warned that many Ethereum smart contracts remain vulnerable to reentrancy attacks. Subsequent hacks may not have quite such a happy ending.

Josiah is an assistant editor at CCN. A former ancient and medieval literature teacher, he has been reporting on cryptocurrency since 2014. He lives in rural North Carolina with his wife and children. He holds investment positions in bitcoin and other large-cap cryptocurrencies. Follow him on Twitter @Y3llowb1ackbird or email him directly at josiah.wilmoth(at)ccn.com.