Stars Arena secures funds to plug $3M exploit, set to reopen after security audit
Avalanche-based Web3 social media app Stars Arena announced that it had secured the funding to cover the $3 million hole left by an exploit on Oct. 6. The team also added that it will re-open the smart contract once a full security audit has occurred.
In an announcement on X (formerly Twitter), the Stars Arena team noted: “We have secured the resources to close the gap caused by the exploit. Additionally, a special white hat development team is coming in to rapidly review the security of the platform.”
Important news: we have secured the resources to close the gap caused by the exploit.
Additionally, a special white hat development team is coming in to rapidly review the security of the platform.
We will re-open the contract with all the funds in full after a full security…
— Stars Arena (@starsarenacom) October 7, 2023
Stars Arena initially confirmed the hack on Oct. 6 and asked users not to deposit funds while investigating the security breach.
Blockchain security firms such as SlowMist tracked the hacker’s movements and outlined that they drained 266,103 Avalanche (AVAX) — worth almost $3 million at the time — from Stars Arena and then eventually went on to transfer the funds onto the Fixed Float crypto exchange.
SlowMist Security Alert@starsarenacom appears to have been stolen due to a major security breach in its smart contract, please do not deposit funds.
Currently, the hacker transferred 266,103 $AVAX to the address (0xa2Eb…ad7A). The address (0xa2Eb…ad7A) transferred… https://t.co/BtkRCTk8CK pic.twitter.com/o0YrX8ZOCK
— SlowMist (@SlowMist_Team) October 7, 2023
A few hours after the hack, the Stars Arena team apologized for the exploit and also revealed that its website was suffering from a distributed denial of service (DDoS ) attack.
“We are deeply sorry for what happened. Our smart contract was exploited and the funds were drained. The site is currently under DDoS attack. We are working on a solution to get everyone’s funds recovered and have the Arena move forward. We are working on a solution to get everyone’s funds recovered and have the Arena move forward,” the team said.
Moving forward, the team emphasized in an Oct. 7 X Spaces that ensuring security is “watertight” will take time before relaunching the smart contract.
As it stands, it’s not entirely clear when the project will re-open, but the team says it will happen “very soon.”
This marks the second exploit on Stars Arena over the past week.
On Oct. 5, Cointelegraph reported that Stars Arena had patched a vulnerability after a hacker siphoned $2,000 worth of AVAX from the platform.
Related: Galxe protocol experiences DNS attack, losses top $150K and still growing
After facing criticism from members of Crypto Twitter over the platform’s security, the Stars Arena team called out “coordinated fud” and vowed to march on.
Stars Arena joins a growing list of social finance platforms that have sprouted up since Friend.tech entered the market in August.
Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis