Avalanche Social App Stars Arena Drained of $3M in AVAX After Hack

The newest viral application launched nearly a week ago and quickly gained a cult following.

AccessTimeIconOct 7, 2023 at 10:37 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Avalanche upstart Stars Arena was drained of nearly all locked funds earlier today as attackers exploited a smart contract that helped secure tokens on the social application.

Some $3 million worth of Avalanche’s AVAX tokens were drained, leaving Stars Arena with just under $1 in funds after the attacker. X, formerly Twitter, user @0xLawliette seemed to first warn of the exploit in the early Asian hours on Saturday, but another user, @0xlilitch yesterday warned of potential security issues.

Stars Arena developers confirmed the attack in a tweet on Saturday morning.

Stars Arena launched just over a week ago and quickly gained a cult following among Avalanche community members, some of whom earned as much as 1,000 AVAX in trading fees from the platform. It also helped bump prices of AVAX tokens by as much as 6% at one point during the week.

It was highly considered as a clone of Friend.Tech, a social app based on Ethereum grew to 100,000 users within weeks of its August release. Both apps let users purchase “keys” or “shares” of popular X users in turn for access to a closed chatroom, which may offer various privileges to those holders.

The values of these shares are very volatile, leading to some users treating the price gyrations similar to tokens and making a profit.

The exploit came even as some Ava Labs employees spoke in favor of the developments, which may have buoyed user trust. Some Ava Labs employees, including founder Emin Gün Sirer, seemed to hype the app over several X posts as well.

Sirer however, seemed to downplay concerns of the potential security exploit on Friday when it was first pointed out by @0xlilitch, even stating a potential breach had “already been fixed.”

Crypto markets remain a hotbed of generally poor security practices and criminal activity, with exploits and hacks accounting for some $1.3 billion in value lost in 2023 alone, as per estimates.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.

Read more about