Web3-based social media platform, Stars Arena, has made a significant recovery of the crypto assets lost during a security breach on October 7, 2023. As per the update shared on October 11, 2023, via a tweet, the platform successfully reclaimed approximately 90% of the stolen funds. The total amount stolen was 266,104 Avalanche (AVAX) tokens, which, at the time, had a market value of around $3 million, as reported by Blockchain.News. The recovery came after the platform reached a settlement with the individual responsible for the exploit. The compromised funds were returned, excluding a 10% bounty fee given to the exploiter, which amounted to 26,610 AVAX, plus an additional 1,000 AVAX that was apparently lost in a bridge during the exploit, totaling a 27,610 AVAX bounty.
Stars Arena received back a sum of 239,493 AVAX, processed in two separate transactions, each comprising 119,246 AVAX. The bounty, valued at nearly $257,000 at the time, served as a compensatory measure for the individual responsible for the exploit.
Following the recovery, Stars Arena has taken strides to bolster its security framework to prevent similar incidents in the future. The platform disclosed that it has developed a new smart contract to secure the returned funds before re-launching. As a part of the ongoing effort to enhance security, the platform is in the final stages of conducting an audit on the new contract. Initially, on October 7, the platform had notified its community about the significant security breach caused due to a flaw in the smart contract that led to the draining of funds.
In a follow-up update, Stars Arena revealed that it has secured additional funding to address the security lapse and has engaged a development team to conduct a comprehensive security audit. However, details regarding the nature of the exploit have yet to be disclosed.
This wasn’t the first security issue faced by Stars Arena. Merely two days before the major exploit, on October 5, a smaller security breach occurred, though the hackers could only manage to steal around $2,000 worth of assets. The root cause was identified as a vulnerable price function in the platform’s smart contract, which allowed the exploiter to sell user shares at no cost and receive AVAX in return. The vulnerability was later patched by the platform.
The security challenges aren’t unique to Stars Arena as its main competitor, Friend.tech, has also witnessed targeted SIM-swap attacks. In response, Friend.tech has recently enhanced its security features to thwart such attempts.
Image source: Shutterstock