Stars Arena hack that spurs $2K from its contract address

72
2
Stars Arena hack that spurs $2K from its contract address

Stars Arena developers patched a smart contract vulnerability during an ongoing heist that enabled hackers to drain almost $2,000 from its contract address.

The contract wallet address of the decentralized social media protocol in Avalanche still holds more than $1 million despite the heist.

Cryptocurrency tech, a popular decentralized social media protocol that recently made up 21% of transaction fees on Coinbase's Ethereum layer 2 blockchain Base.

Since its introduction, Friend.tech has been a popular crypto social media app but this popularity has come at a substantial cost for users, following a raft of sim-swap attacks.

Both protocols allow users to earn shares to monetise and trade their social media clout.

Stars Arena, launched in September, has soared to control over $1 million in investments from users and has contributed to a rise in transactions on Avalanche.

Despite the growth, it still pales in comparison to friend.tech, which has $45 million in investments.

Users are supposed to buy shares for Avalanche's native crypto AVAX in exchange for Avalanche's native crypto AVAX or sell them for AVAX.

The exploit, which spanned multiple attacker wallet addresses, exploited a vulnerability that enabled them to sell zero shares in exchange for AVAX, essentially draining funds from the protocol's contract address.

On-chain data, verified by reports from team members, show that near $2,000 was syphoned from the Stars Arena contract wallet earlier on Thursday.

Despite the exploit, community members said the situation was always under control. The exploit was not economically viable, he said.

The exploit caused a massive surge in gas prices on Avalanche, far above the earnings from the exploit. The exploiter spent more money on fees than they earned from the heist.

Some community members on Discord have said that the hack could have increased more viable if gas fees became much lower before the vulnerability was patched.

The entire protocol was briefly unavailable while the team rushed to solve the problem, but community members on Discord have begun to report the resumption of some services.

The Stars Arena developers did not immediately respond to DL News' requests for comment.

Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech.