Friend​.tech copycat Stars Arena patches exploit after some funds drained

Stars Arena announced that attackers were draining funds through a loophole, but the contract has been patched to prevent further damage.

The Stars Arena Web3 social media app on Avalanche has lost some of its funds due to a malicious attack, according to social media reports. 

Stars Arena user Lilitch.eth discovered the exploit on Oct. 5 and announced it on X (formerly Twitter), claiming that over $1 million was lost. The Stars Arena team confirmed the attack, calling it a “war” against the app. They said the attack only resulted in approximately $2,000 in losses and that the exploit had been patched.

Similar to Friend.tech, Stars Arena allows users to buy “shares,” tokenized assets issued by content creators. The issuers can grant token owners access to exclusive content or other perks. Avalanche has seen a surge of activity since Stars Arena was launched, with the network’s daily transaction count increasing by over 186% from Oct. 3 to 4.

On Oct. 5, Lilitch.eth declared on X that “1.1 million dollars are being drained right now because of noob devs who couldn’t make a copy of Friend.tech that will work properly. If you hold ANY SHARES in StarsArena you should sell while you still can.” In the post, they showed a screenshot of a smart contract that contained approximately 107,329 AVAX (AVAX), worth over $1 million at the time.

In response, some users accused Lilitch.eth of “fudding” (spreading fear, uncertainty and doubt). For example, ZSwap developer Mork claimed that “no exploiter can profit from this because the gas to run the tx is higher than the Avax extracted” and that “they are proxy contracts – able to be updated.”

Related: Friend.tech revenue surges over 10,000 ETH, TVL tops 30,000 ETH

The Stars Arena team responded with a post on X stating that “THE EXPLOIT HAS BEEN FIXED.” It claimed that attackers had been spending $5 in gas to drain $1 from the app in an attempt to destroy its credibility with “coordinated FUD.” The team held a Twitter Spaces event to explain to users what was happening, during which it stated that only around $2,000 had been lost in the attack.

Responding to the team’s post, Lilitch.eth denied that attackers had been spending $5 in gas to drain $1. “Nobody was spending 5$ to get 1$ from your TVL, chill,” they stated, claiming instead that attackers stopped whenever gas prices became too high to make the attack profitable. Lilitch.eth also denied waging “war” against the app. In another post, they claimed to support the app now that it has been patched, stating, “The conflict was resolved, we are friend now. @starsarena to the moon.”

Friend.tech users have been facing a wave of SIM-swap attacks, leaving its users and those of similar apps on edge. On Oct. 5, the Friend.tech team implemented a function to remove login methods to help combat the problem.

Source Link

Share with your friends!

Products You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *