Digital Skirmish: Stars Arena & Friend.tech Tales
The Stars Arena Web3 social media application, situated within the expansive realm of the Avalanche network, unfortunately experienced a financial setback due to a nefarious and deliberate assault, as indicated by the swirling currents of information within the social media landscape.
On the fateful day of October 5th, an individual known in the virtual realm as Lilitch.eth, keen-eyed and vigilant, unearthed a vulnerability within the Stars Arena application. With a sense of responsibility to the online community, they took to the platform known as X, previously referred to as Twitter, and sounded the alarm, estimating the loss to surpass a staggering $1 million. The Stars Arena team, in due course, validated this assault, characterizing it as a substantial challenge faced by the app. They were swift in responding, reassuring that the impact had been contained, resulting in approximately $2,000 in financial losses. The exploit was promptly addressed and remedied, reinstilling a sense of security.
THE EXPLOIT HAS BEEN FIXED.— Stars Arena (@starsarenacom) October 5, 2023
BUT DON’T GET THIS WRONG WE ARE AT WAR.
We’re being targeted by malicious actors in the space that want to steal your money.
The little guy is under attack.
You are under attack.
Your right to platform diversity is under attack.
Don’t get it… pic.twitter.com/DmbMdf9cAq
Stars Arena, akin to the esteemed Friend.tech, stands as a virtual oasis, offering denizens of the digital world the opportunity to acquire "shares," essentially tokenized assets artfully crafted by content creators. These tokens bestow upon their possessors unique privileges, granting access to a realm of exclusive content and enticing perks. The launch of Stars Arena sparked a remarkable surge in activity within the Avalanche network, witnessing a substantial spike in the daily transaction count, soaring by an impressive 186% from the tranquil days of October 3rd to the bustling eve of October 4th.
In the midst of this digital tumult on October 5th, Lilitch.eth, a diligent guardian of the virtual realm, boldly proclaimed on X, "1.1 million dollars are being drained right now due to the actions of inexperienced developers who failed to replicate Friend.tech with precision. If you find yourself in possession of ANY SHARES in StarsArena, it would be prudent to consider parting ways with them while the opportunity still presents itself." The proclamation was accompanied by a visual representation in the form of a screenshot showcasing a smart contract housing approximately 107,329 AVAX, a digital asset that commanded a value exceeding $1 million at that precise juncture.
@starsarenacom, you fucked up— lilitch.eth (@0xlilitch) October 5, 2023
1.1 million dollars are being drained right now because of noob devs who couldn't make a copy of https://t.co/h7traLwG9i that will work properly
If you hold ANY SHARES in StarsArena you should sell while you still can
read next⬇️ pic.twitter.com/HzgXvJc8ju
In response, voices emerged from the digital ether, accusing Lilitch.eth of sowing seeds of fear and uncertainty, a practice colloquially known as "fudding." Mork, a diligent developer associated with ZSwap, voiced a perspective countering this narrative. He posited that the exploitative assailants could not derive a profit from this endeavor due to the prohibitive gas costs required to execute the transaction, exceeding the gains from Avax extraction. He further elucidated that these were proxy contracts, malleable entities open to updates and modifications.
The Stars Arena team, undeterred and resolute, issued a resounding proclamation on X, emphatically asserting, "THE EXPLOIT HAS BEEN RECTIFIED." They provided insights, shedding light on the attackers' tactics, highlighting how they expended $5 in gas to siphon a mere $1 from the application, in a calculated ploy aimed at tarnishing its reputation through a well-coordinated dissemination of fear, uncertainty, and doubt (FUD). To elucidate the situation further and bridge the gap of understanding with the user base, the team orchestrated a gathering within the digital space of Twitter Spaces, an event aimed at providing clarity and reassurance to the concerned users. During this gathering, it was clarified that the financial impact of the attack was mitigated, with losses amounting to a mere $2,000.
Contrary to the team's account, Lilitch.eth vehemently disputed the notion that the assailants would squander $5 in gas to drain a meager $1. They countered, stating, "Nobody was spending $5 to extract $1 from your Total Value Locked (TVL), calm your digital nerves," firmly asserting that the attackers exercised prudence, halting their actions whenever gas prices escalated beyond the point of profitability. Lilitch.eth vehemently disavowed any intention of waging a "war" against the app, seeking amicable resolution. In a subsequent post, they extended an olive branch, affirming their support for the app now that the exploit had been remedied, proclaiming, "The conflict has been resolved, we are allies now. @starsarena to the moon."
Concurrently, denizens of the virtual realm who have embraced Friend.tech encountered a tide of SIM-swap attacks, engendering an atmosphere of trepidation and caution. On the auspicious day of October 5th, the Friend.tech team took proactive measures by implementing a strategic feature aimed at mitigating this pervasive issue—removing certain login methods from their platform, thereby bolstering their defenses against the relentless tide of cyber intrusions.
Read more: Ledger's Strategic Workforce Optimization