Avalanche-based Web3 social media app Stars Arena announced that it has secured the funding to cover the $3 million hole left by an exploit on Oct. 6. The team also added that it will re-open the smart contract once a full security audit has occurred.
In an announcement on X, the Stars Arena team noted: “We have secured the resources to close the gap caused by the exploit. Additionally, a special white hat development team is coming in to rapidly review the security of the platform.”
Important news: we have secured the resources to close the gap caused by the exploit.
Additionally, a special white hat development team is coming in to rapidly review the security of the platform.
We will re-open the contract with all the funds in full after a full security…
— Stars Arena (@starsarenacom) October 7, 2023
Stars Arena initially confirmed the hack on Oct. 6 and asked users not to deposit any funds while it investigated the security breach.
Blockchain security firms such as SlowMist tracked the hacker’s movements and outlined that they drained 266,103 Avalanche (AVAX) — worth almost $3 million at the time — from Stars Arena and then eventually went on to transfer the funds on to the Fixed Float crypto exchange.
SlowMist Security Alert@starsarenacom appears to have been stolen due to a major security breach in its smart contract, please do not deposit funds.
Currently, the hacker transferred 266,103 $AVAX to the address (0xa2Eb…ad7A). The address (0xa2Eb…ad7A) transferred… https://t.co/BtkRCTk8CK pic.twitter.com/o0YrX8ZOCK
— SlowMist (@SlowMist_Team) October 7, 2023
A few hours after the hack, the Stars Arena team apologized for the exploit and also revealed that its website was suffering from a Distributed Denial-of-Service (DDoS ) attack.
“We are deeply sorry for what happened. Our smart contract was exploited and the funds were drained. The site is currently under DDoS attack. We are working on a solution to get everyone’s funds recovered and have the Arena move forward. We are working on a solution to get everyone’s funds recovered and have the Arena move forward,” the team said.
Moving forward, the team emphasized in an Oct. 7 X Spaces that it will take time to ensure security is “watertight” before relaunching the smart contract.
As it stands, it’s not entirely clear when the project will re-open, but the team says it will happen “very soon.”
This marks the second exploit on Stars Arena over the past week.
On Oct. 5, Cointelegraph reported that Stars Arena had patched a vulnerability after a hacker siphoned $2,000 worth of AVAX from the platform.
Related: Galxe protocol experiences DNS attack, losses top $150K and still growing
After facing criticism from members of Crypto Twitter over the platform’s security, the Stars Arena team called out “coordinated fud” and vowed to march on.
Stars Arena joins a growing list of social finance platforms that have sprouted up since Friend.tech entered the market in August.
Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis