According to social media reports, the Stars Arena Web3 social media application on Avalanche has lost some funds due to a malicious attack.
Stars Arena user Lilitch.eth discovered the vulnerability on October 5 and announced it on X (formerly Twitter), claiming to have lost more than $1 million. The Stars Arena team confirmed the attack, calling it a "war" against the app. They said the attack only caused about $2,000 in damages and that the vulnerability has been patched.
The vulnerability has been fixed. But make no mistake about this, we are at war. We are being targeted by malicious actors in the space who want to steal your money. The little guy is under attack. You are under attack. Your rights to platform diversity are under attack. Don't understand... pic.twitter.com/DmbMdf9cAq
— Star Arena (@starsarenacom) October 5, 2023
Similar to Friend.tech, Stars Arena allows users to buy “shares,” tokenized assets issued by content creators. Issuers can grant token owners access to exclusive content or other privileges. Avalanche has seen a surge in activity since the launch of Stars Arena, with the network’s daily transaction volume increasing by more than 186% from October 3 to 4.
On October 5, Lilitch.eth announced on X that it was “draining $1.1 million due to rookie developers being unable to make a working copy of Friend.tech. If you hold any shares in StarsArena, you should sell them while you still can.” In the post, they showed a screenshot of a smart contract containing approximately 107,329 AVAX (AVAX), which was worth more than $1 million at the time.
@starsarenacom you screwed up! Now $1.1m is drained because rookie devs can't make a working copy of https://t.co/h7traLwG9i If you own any shares in StarsArena you should sell while you still can Read next ⬇️ pic.twitter.com/HzgXvJc8ju
— lilitch.eth (@0xlilitch) October 5, 2023
In response, some users accused Lilitch.eth of “fabrication” (spreading fear, uncertainty, and doubt). For example, ZSwap developer Mork claimed that “no exploiters can profit from this because the gas to run a tx is higher than the Avax to extract” and that “they are proxy contracts — able to update.
Related: Friend.tech Revenue Surges Over 10,000 ETH, TVL Breaks 30,000 ETH
The Stars Arena team published a post on X saying that the “vulnerability has been fixed.” It claimed that attackers had been siphoning $1 from the app at a cost of $5 in gas, attempting to undermine its credibility through “coordinated FUD.” The team held a Twitter space event to explain to users what was happening, during which it said it had only lost about $2,000 in the attack.
In response to the team’s post, Lilitch.eth denied that the attacker spent $5 in gas to drain $1. “No one is spending $5 to get $1 from your TVL, calm down,” they said, instead the attacker stopped whenever gas prices became too high to make the attack profitable. Lilitch.eth also denied waging a “war” against the app. In another post, they claimed to be supporting the app now that it has been patched, noting: “The conflict has been resolved and we are friends now. @starsarena moon.”
Friend.tech users have been facing a wave of SIM swapping attacks that have put its users and users of similar apps on edge. On October 5, the Friend.tech team implemented a feature to remove login methods to help resolve the issue.
Author: Deepchain DCNews
Compiled by: Sister Shen
Twitter: DeepChain
Twitter:https://twitter.com/DeepChainUS
