Stars Arena recovers 90% of stolen funds after offering $257K bounty
Web3 social media platform Stars Arena says it has recovered nearly all of the crypto stolen from an Oct. 7 exploit — minus a 10% bounty to the person responsible.
In an Oct. 11 X (Twitter) post, Stars Arena said around 90% of the 266,000 Avalanche (AVAX) exploited, at the time worth around $3 million, was returned after reaching an agreement to give a 27,610 AVAX bounty worth nearly $257,000 to the exploiter.
The bounty also included compensation for 1,000 AVAX worth over $9,000 seemingly lost by the exploiter in a bridge.
UPDATE:
We have recovered approximately 90% of the lost funds.
We reached an agreement with the individual responsible for the recent security breach.
The funds have been returned in exchange for a 10% bounty fee + 1000 AVAX that was lost in a bridge.
Total funds lost:…
— Stars Arena (@starsarenacom) October 11, 2023
In a separate post, Stars Arena added it had written a new smart contract and before placing the returned funds and launching, it was finalizing an audit of the new contract.
Stars Arena first alerted its community to the exploit on Oct. 7, calling it a “major security breach” with its smart contract leading to funds being drained.
In a subsequent post, Stars Arena said it secured funding to plug the hole left by the exploit and it had contracted a development team to do a full security audit, though the team has yet to detail how the exploit took place.
Related: Galxe replacing 110% of funds users lost in recent front-end hack, over $400K
Days earlier, on Oct. 5, Stars Arena was hit by a smaller exploit, though hackers only made off with around $2,000, they claimed.
The exploit was caused by Stars Arena developers missing a vulnerable price function in the platform’s smart contract. This allowed the exploiter to sell user shares for nothing and get AXAX in return, pseudonymous X user “0xlilitch” explained in a post.
Stars Area claimed to have patched the vulnerability.
Users of Stars Arena’s main competitor, Friend.tech, have also seen targeted SIM-swap attacks with Friend.tech recently adding security features to mitigate the attempts.
Magazine: Recursive inscriptions — Bitcoin ‘supercomputer’ and BTC DeFi coming soon