Avalanche upstart Stars Arena was drained of nearly all locked funds earlier today as attackers exploited a smart contract that helped secure tokens on the social application.
Some $3 million worth of Avalanche’s AVAX tokens were drained, leaving Stars Arena with just under $1 in funds after the attacker. X, formerly Twitter, user @0xLawliette seemed to first warn of the exploit in the early Asian hours on Saturday, but another user, @0xlilitch yesterday warned of potential security issues.
Stars Arena developers confirmed the attack in a tweet on Saturday morning.
Stars Arena launched just over a week ago and quickly gained a cult following among Avalanche community members, some of whom earned as much as 1,000 AVAX in trading fees from the platform. It also helped bump prices of AVAX tokens by as much as 6% at one point during the week.
It was highly considered as a clone of Friend.Tech, a social app based on Ethereum grew to 100,000 users within weeks of its August release. Both apps let users purchase “keys” or “shares” of popular X users in turn for access to a closed chatroom, which may offer various privileges to those holders.
The values of these shares are very volatile, leading to some users treating the price gyrations similar to tokens and making a profit.
The exploit came even as some Ava Labs employees spoke in favor of the developments, which may have buoyed user trust. Some Ava Labs employees, including founder Emin Gün Sirer, seemed to hype the app over several X posts as well.
Sirer however, seemed to downplay concerns of the potential security exploit on Friday when it was first pointed out by @0xlilitch, even stating a potential breach had “already been fixed.”
Crypto markets remain a hotbed of generally poor security practices and criminal activity, with exploits and hacks accounting for some $1.3 billion in value lost in 2023 alone, as per estimates.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish, a cryptocurrency exchange, which in turn is owned by Block.one, a firm with interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets including bitcoin and EOS. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.