Stars Arena, a friend.tech-inspired social finance platform built on Avalanche, was targeted by a hacker who exploited a vulnerability in the platform’s smart contracts. Following the security breach, the hacker was able to access and withdraw funds from user accounts, causing significant losses for many users.
Stars Arena is a socialFi platform that allows creators to monetize their expertise. The platform offers creators the unique opportunity to sell “tickets,” essentially shares of their knowledge, to their dedicated followers. The SocialFi dApp was built on the Avalanche blockchain, allowing users to make transactions using Avalanche’s native cryptocurrency ($AVAX) to ensure speed and security.
A report from their official account on X (formerly Twitter) stated that their platform experienced a security breach, advising users to pause all activities on the platform and wait for updates as the team works to fix the issue.
A user on X (formerly Twitter) responding to the event of the hack, tracked down the address of the hacker showing all the exploited $AVAX being drained into that particular contract address.
An analysis of the exploit was reported from the Beosin account on X (Twitter), saying that the platform’s smart contracts, which are not open-source, were vulnerable to a reentrancy attack. This allowed the hacker to access and withdraw funds from user accounts, causing significant financial damage of $2.9M worth of $AVAX.
In an Oct. 5 post on X (Twitter), the Stars Arena account announced a recent exploit in their platform which allowed the attackers to steal $2,000 from the Avalanche-based decentralized social media platform, reporting the issue to have been fixed, adding, “Don’t get this wrong, we are at war.”
The previous exploit in their platform caused a major surge in the gas fees on Avalanche, which made the withdrawal of the earnings from the hack far more expensive than anticipated.
The Stars Arena team has taken steps to secure the platform and fix the recent security breach, while also working on compensating affected users, but many questions remain about the incident and how it could have been prevented. Stars Arena is the latest app to join a growing roster of social finance platforms, such as Alpha on the Bitcoin network, Friend.tech on Ethereum and PostTech on Arbitrum.