A flaw in the Stars Arena price function enabled hackers to steal approximately $2,000; however, the flaw has since been rectified.
After patching an exploit that allowed attackers to steal $2,000 from the Avalanche-based decentralized social media platform, the team behind Stars Arena, the new Friend.Tech-inspired protocol, dismissed “coordinated FUD” as unfounded.
In a tweet dated October 5, the Stars Arena account stated that the exploit had been patched and added, “Don’t get this wrong, we are at war.”
THE EXPLOIT HAS BEEN FIXED.
BUT DON’T GET THIS WRONG WE ARE AT WAR.
We’re being targeted by malicious actors in the space that want to steal your money.
The little guy is under attack.
You are under attack.
Your right to platform diversity is under attack.
Don’t get it… pic.twitter.com/DmbMdf9cAq
— Stars Arena (@starsarenacom) October 5, 2023
X user “0xlilitch” claimed that Stars Arena’s “noob devs” failed to patch a vulnerability in the platform’s price function, enabling attackers to sell “tickets” to zero users in exchange for technically free Avalanche (AVAX) tokens.
@starsarenacom, you fucked up
1.1 million dollars are being drained right now because of noob devs who couldn't make a copy of https://t.co/h7traLwG9i that will work properly
If you hold ANY SHARES in StarsArena you should sell while you still can
read next⬇️ pic.twitter.com/HzgXvJc8ju
— lilitch.eth (@0xlilitch) October 5, 2023
However, the attackers reportedly found the attack vector to be economically unfeasible. The exploit caused a significant increase in Avalanche’s gas prices, making it considerably more costly than anticipated to extract the proceeds.
Consequently, the attackers allegedly spent more on gas fees than they made from the exploit. In an X post, the CEO of Ava Labs, Emin Gün Sirer, noted that for every $0.04 earned from the exploit, the hackers spent an average of $0.25.
So much FUD about a Stars Arena exploit that has (1) already been fixed, (2) cost the attacker $0.25 to make $0.04, and (3) the attacker extracted a sum total of only $2,000. Now that it's over, let's get back to having fun in the arena.
— Emin Gün Sirer🔺 (@el33th4xor) October 5, 2023
Despite the relatively unsuccessful exploit, crypto community members were quick to hit back at the Stars Arena team. “Foobar,” the pseudonymous founder and developer of Delegate, criticized the platform, alleging that it botched its Friend.Tech fork and telling Stars Arena to “delete your account and product, clownshow.”
Stars Arena is the most recent addition to a roster of social finance platforms, including Alpha on the Bitcoin network, Friendzy on Solana, and PostTech on Arbitrum.
Despite the proliferation of similar DeSo apps, Friend.Tech continues to dominate the market with over $293 million in monthly trading volume, surpassing PostTech by over $283 million.