The StarsArena Web3 app on Avalanche has lost some of its funds due to a malicious attack, according to social media reports on October 5.
StarsArena user Lilitch.eth discovered the exploit and announced it on X, formerly known as Twitter. Lilitch.eth claimed over $1 million was lost in the attack. The StarsArena team confirmed the attack, calling it a “war” against the app. They said the attack only resulted in approximately $2,000 in losses and the exploit has now been patched.
THE EXPLOIT HAS BEEN FIXED.
BUT DON’T GET THIS WRONG WE ARE AT WAR.
We’re being targeted by malicious actors in the space that want to steal your money.
The little guy is under attack.
You are under attack.
Your right to platform diversity is under attack.
Don’t get it… pic.twitter.com/DmbMdf9cAq
— Stars Arena (@starsarenacom) October 5, 2023
StarsArena is a Web3 social media app running on the Avalanche network. Similar to Friend.tech, it allows users to buy “shares” or tokenized assets issued by content creators. The issuers can grant token owners access to exclusive content or other perks. Avalanche has seen a surge of activity since StarsArena was launched, as the network’s daily transaction count increased by over 186% from October 3-4.
On the morning of October 5, Lilitch.eth declared on X that StarsArena was being drained of funds. “1.1 million dollars are being drained right now because of noob devs who couldn’t make a copy of http://Friend.tech that will work properly,” Lilitch stated, adding “If you hold ANY SHARES in StarsArena you should sell while you still can.” In the post, they showed an image of a contract at address 0xA481B139a1A654cA19d2074F174f17D7534e8CeC that contained approximately 107,329 Avalanche (AVAX) tokens, worth over $1 million at the time.
@starsarenacom, you fucked up
1.1 million dollars are being drained right now because of noob devs who couldn’t make a copy of https://t.co/h7traLwG9i that will work properly
If you hold ANY SHARES in StarsArena you should sell while you still can
read next⬇️ pic.twitter.com/HzgXvJc8ju
— lilitch.eth (@0xlilitch) October 5, 2023
In response, some users accused Lilitch of “fudding” (spreading fear, uncertainty, and doubt). For example, ZSwapDEX developer Mork claimed that “no exploiter can profit from this because the gas to run the tx is higher than the Avax extracted” and “they are proxy contracts – able to be updated.”
Related: Friend.tech revenue surges over 10,000 ETH, TVL tops 30,000 ETH
The StarsArena team responded with a post on X stating that “THE EXPLOIT HAS BEEN FIXED.” It claimed that attackers had been spending $5 in gas to drain $1 from the app in an attempt to destroy its credibility. “We are at war,” the post stated, claiming that the app was experiencing “coordinated FUD.” The team held a Twitter Spaces event to explain to users what was happening. In the event, they explained that only around $2,000 had been lost in the attack.
Responding to the team’s post, Lilitch denied that attackers had been spending $5 in gas to drain $1. “Nobody was spending 5$ to get 1$ from your TVL, chill,” they stated. They claimed instead that attackers stopped whenever gas prices became too high to make the attack profitable. Lilitch also denied making “war” against the app. In another post, they claimed to support the app now that it has been patched, stating “the conflict was resolved, we are friend now @starsarena to the moon.”
Friend.tech users have been facing a wave of SIM-swap attacks, leaving its users and those of similar apps on edge. On October 5, the Friend.tech team implemented a function to remove login methods to help combat the problem.
This news is republished from another source. You can check the original article here
Be the first to comment