- Stars Arena regains 90% of the funds lost in a recent security exploit.
- The hacker behind the exploit returns 239,493 AVAX after negotiations, accepting a 10% bounty.
- A breach last week saw the Avalanche-based social protocol lose funds due to a reentrancy issue.
After a significant security breach last week, Stars Arena manages an unexpected turnaround, reclaiming most of its stolen funds from the very hacker who took them.
A Successful Negotiation Leads to Recovery
Stars Arena, operating on the Avalanche network, experienced a considerable security exploit on October 7, resulting in substantial funds being siphoned from its smart contract. However, in an unforeseen twist, the protocol’s team successfully negotiated with the hacker, leading to the return of approximately 90% of the stolen funds.
Details of the Exploit and Its Aftermath
The security flaw was identified as a reentrancy issue that allowed attackers to exploit platform tickets, inflating their prices substantially. PeckShield, a security analysis firm, placed the total lost funds at around 266,104 AVAX coins, equivalent to $2.9 million at the time. Following this attack, Stars Arena’s value locked within the app plummeted, reaching an alarming zero. The platform acted swiftly, cautioning users and advising against further deposits.
Terms of the Agreement with the Hacker
In a turn of events, Stars Arena reached an understanding with the hacker. The agreement’s terms were clear – the hacker would return roughly 90% of the illicitly obtained funds in exchange for a 10% bounty. This arrangement saw the return of 239,493 AVAX across two separate transactions, and in return, the hacker was awarded a bounty totaling 27,610 AVAX, equating to approximately $250,000, as stated by the team.
Understanding Stars Arena’s Operations
Stars Arena, a derivative of FriendTech, enables users to buy or sell influencer profile tokens, granting them access to specific chat rooms. The pricing structure for these tokens is based on a bonding curve, with prices escalating as demand rises. The platform also charges significant transaction fees, with a hefty 10% fee on every token sale. This fee gets split evenly, with half going to the project’s team as revenue, and the other half getting dispersed to users trading the tokens.
Conclusion
The incident at Stars Arena serves as a potent reminder of the security vulnerabilities inherent in the DeFi world. Yet, the protocol’s ability to negotiate and reclaim most of its lost funds paints a hopeful picture, suggesting that even in the face of adversity, there’s room for dialogue and resolution.
