The Stars Arena Web3 social media app on Avalanche recently experienced a malicious attack, resulting in the loss of some funds. The attack was discovered by a user named Lilitch.eth, who reported it on X (formerly Twitter) and claimed that over $1 million worth of funds were lost. The Stars Arena team confirmed the attack and described it as a “war” against the app. However, they clarified that the actual losses amounted to approximately $2,000 and assured users that the exploit had been fixed.
Stars Arena is a platform similar to Friend.tech, where users can purchase “shares” that represent tokenized assets issued by content creators. Token owners can gain access to exclusive content and other benefits granted by the issuers. Since the launch of Stars Arena, Avalanche has experienced a significant surge in activity, with the network’s daily transaction count increasing by over 186% from October 3 to 4.
On October 5, Lilitch.eth made a post on X, stating that “1.1 million dollars are being drained right now because of noob devs who couldn’t make a copy of Friend.tech that will work properly. If you hold ANY SHARES in StarsArena you should sell while you still can.” They accompanied the post with a screenshot of a smart contract containing approximately 107,329 AVAX, which was valued at over $1 million at the time.
In response to Lilitch.eth’s claims, some users accused them of spreading fear, uncertainty, and doubt (FUD). Mork, a developer from ZSwap, argued that the attackers couldn’t profit from the exploit because the gas fees required to execute the transactions were higher than the amount of AVAX extracted. Mork also emphasized that the app’s proxy contracts could be updated.
Related Post
The Stars Arena team addressed the issue by declaring on X that the exploit had been fixed. They revealed that attackers had been spending $5 in gas fees to drain $1 from the app, attempting to damage its credibility through coordinated FUD. To provide further clarification to users, the team organized a Twitter Spaces event to explain the situation and confirmed that only around $2,000 had been lost in the attack.
Lilitch.eth responded to the team’s post, denying that attackers had been spending $5 in gas fees. They stated that no one was willing to spend $5 to obtain $1 from the app’s total value locked (TVL), and instead suggested that the attackers stopped their activities whenever gas prices became too high to make the attack profitable. Lilitch.eth also clarified that they were not engaged in a “war” against the app and expressed support for Stars Arena now that the exploit had been patched.
It is worth noting that Friend.tech and similar apps have been facing a series of SIM-swap attacks, which have left users concerned about the security of their funds. In response, the Friend.tech team implemented a function to remove login methods, aiming to combat the problem and enhance user security.
In conclusion, the Stars Arena Web3 social media app on Avalanche fell victim to a malicious attack that resulted in the loss of some funds. Despite initial claims of over $1 million in losses, the actual amount lost was approximately $2,000. The Stars Arena team swiftly patched the exploit and reassured users that the situation had been resolved. As the industry continues to navigate the challenges of security and exploits, the incident serves as a reminder of the importance of robust security measures to ensure the protection of user funds and platform integrity.
