- Stars Arena lost almost all of its locked funds on Saturday in the early hours when attackers exploited a smart contract that secured tokens in the social app.
- While Twitter user 0xLawliette seemed to issue the first warning about the exploit in the early hours of Saturday, another user named 0xlilitch had raised concerns about possible security issues.
- Stars Arena was launched just over a week ago and quickly gained massive followers among the Avalanche community, with some earning transaction fees of up to 1,000 AVAX from the platform.
Avalanche’s rapidly growing platform, Stars Arena, managed to capture everyone’s attention, but the story didn’t end well.
Stars Arena Grew Quickly but Had a Short Life
Avalanche’s rising platform, Stars Arena, lost almost all of its locked funds on Saturday in the early hours when attackers exploited a smart contract that secured tokens in the social app.
Approximately $3 million worth of Avalanche (AVAX) tokens were withdrawn, and after the attack, Stars Arena was left with only $1 in funds. Twitter user 0xLawliette appeared to issue the first warning about the exploit in the early hours of Saturday, but another user named 0xlilitch had raised concerns about possible security issues. Stars Arena developers confirmed the attack in a tweet they posted on Saturday morning. The table below shows the funds in Stars Arena:
Stars Arena was launched just over a week ago and quickly gained massive followers among the Avalanche community, with some earning transaction fees of up to 1,000 AVAX from the platform. It also boosted AVAX token prices by as much as 6% during the week, driving AVAX’s price up to $11.88.
It gained significant attention as a clone of Ethereum-based Friend.Tech, which reached 100,000 users shortly after its launch in August. Both apps allow users to purchase “keys” or “shares” of popular X users’ access to a private chat room, which can offer various privileges to these owners.
The values of these shares are highly volatile, so some users assess price fluctuations similarly to tokens and make profits.
Emin Gün Sirer Frequently Supported Stars Arena
The attack occurred during a period when some Ava Labs employees appeared to be supporting certain developments, which may have increased user trust. Some Ava Labs employees, including founder Emin Gün Sirer, seemed to exaggerate the application in several X posts. However, when first pointed out by 0xlilitch, Sirer downplayed concerns about a potential security vulnerability, stating that the issue had already been “fixed.”
Crypto markets continue to remain an area with low security practices and high levels of criminal activity, with estimates suggesting that such attacks and hacks alone have resulted in a loss of $1.3 billion in value in 2023.
What Is Stars Arena?
Stars Arena is a version of FriendTech that allows users to purchase tokens that grant access to a chat room. These tokens are often priced on a bonding curve, meaning that as more people buy tokens, they become increasingly expensive. Fees in such applications are also quite high, with FriendTech charging a 10% fee per transaction, divided between the application and the group owner.
Stars Arena recently faced a much smaller vulnerability that allowed anyone to drain AVAX coins from the project’s smart contract. However, exploiting the vulnerability was challenging because it was not profitable due to high transaction fees, and very few funds were lost before it was fixed.
At the time, Ava Labs CEO Emin Gun Sirer dismissed reports about the issue as “FUD,” which stands for “fear, uncertainty, and doubt,” and said it was time to “get back to having fun in the arena.” Stars Arena also made a lengthy X post claiming it was targeted by malicious actors as part of “coordinated FUD” and promised to “fight, survive, and win.”
Despite all this, the Stars Arena team confirmed the hack attack on Saturday, shattering the trust of the entire crypto community, including the Avalanche community, in SocialFi apps.