Stars Arena recovers 90% of stolen crypto after October exploits, rewarding hacker with a 10% bounty
Recently, the Web3 social media platform has managed to reclaim a substantial portion of the cryptocurrency stolen in an October 7th exploit. The platform confirmed that nearly 90% of the 266,000 Avalanche (AVAX) tokens, valued at approximately $3 million at the time, have been returned. This significant recovery comes in exchange for a 10% bounty offered to the person responsible for the breach.
In an announcement via X today, Stars Arena revealed that they had agreed with the exploit’s orchestrator, offering them a 27,610-AVAX bounty, equivalent to nearly $257,000. This sum includes compensation for an additional 1,000 AVAX, worth over $9,000, which the exploiter seemed to have lost during a bridge transaction.
Moreover, Stars Arena shared its commitment to enhancing security by developing a new smart contract. Before reinstating the reclaimed funds and launching the updated contract, they were in the final stages of conducting a thorough audit to ensure the platform’s integrity.
Security Challenges In Stars Arena’s Ecosystem
The ordeal began on October 7 when Stars Arena informed its community about a significant security breach. This exploit had been linked to vulnerabilities within the platform’s smart contract, allowing unauthorized access and the drainage of funds. Although the development team engaged in damage control by securing funding and commissioning a full security audit, specific details regarding how the exploit occurred have yet to be disclosed.
Stars Arena had experienced a smaller-scale exploit on Oct 5, resulting in a loss of approximately $2,000. This earlier breach was attributed to the absence of a protective price function within the platform’s smart contract, enabling the exploiter to exchange user shares for AVAX tokens. The pseudonymous user “0xlilitch” elucidated this vulnerability in a post, and Stars Arena has since reported that they have successfully patched the security gap.
In an intriguing convergence, users of Stars Arena’s primary rival, Friend.tech, have similarly faced SIM-swap attacks. Responding to these challenges, Friend.tech has recently integrated enhanced security protocols to bolster its resilience against such incursions.