Stars Arena: Avalanche Social App Loses $3 Million in AVAX to Hacking Attack

The newly launched viral application, Stars Arena, which debuted just under a week ago, saw a meteoric rise in popularity.

However, today, the platform faced a major setback as attackers managed to drain nearly all the locked funds by exploiting a vulnerable smart contract designed to safeguard tokens on the social application.

This breach resulted in the loss of approximately $3 million worth of Avalanche's AVAX tokens, leaving Stars Arena with a meager sum of just under $1 in remaining funds. The warning signs of this exploit began to surface early on Saturday in the Asian time zone, with the Twitter user @0xLawliette being one of the first to raise an alert. Subsequently, another user, @0xlilitch, emphasized potential security vulnerabilities just yesterday.

The Stars Arena development team confirmed the attack in a tweet on Saturday morning.

There has been a major security breach with the smart contract.

We're actively checking the issue.

DO NOT deposit any funds.

Stay tuned for updates.

— Stars Arena (@starsarenacom) October 7, 2023

Since its launch a little over a week ago, Stars Arena rapidly amassed a devoted following, particularly among members of the Avalanche community. Some users even managed to earn up to 1,000 AVAX in trading fees from the platform. Additionally, it played a role in driving up AVAX token prices by as much as 6% at one point during the week.

Stars Arena had drawn comparisons to Friend.Tech, another social app operating on the Ethereum network, which had garnered 100,000 users within a few weeks of its release in August. Both applications enable users to acquire "keys" or "shares" of prominent X users in exchange for access to exclusive chatrooms, potentially offering various privileges to these shareholders.

The values of these shares tend to be highly volatile, leading some users to treat these price fluctuations akin to trading tokens and generating profits.

Despite the security exploit, some employees of Ava Labs expressed support for the platform's developments, which may have contributed to user trust. Notably, founder Emin Gün Sirer and other Ava Labs employees had shown enthusiasm for the app through various posts on X.

However, Sirer appeared to downplay concerns about a potential security breach when it was initially brought up by @0xlilitch on Friday, even suggesting that a possible breach had already been addressed.

So much FUD about a Stars Arena exploit that has (1) already been fixed, (2) cost the attacker $0.25 to make $0.04, and (3) the attacker extracted a sum total of only $2,000. Now that it's over, let's get back to having fun in the arena.

— Emin Gün Sirer???? (@el33th4xor) October 5, 2023

The world of cryptocurrency markets continues to grapple with significant security challenges and illicit activities. In 2023 alone, it is estimated that exploits and hacks have resulted in losses amounting to around $1.3 billion.

Read more: Google Cloud's BigQuery: Blockchain Expansion 2023