Stars Arena, an on-chain social app built on the Avalanche blockchain, suffered a $2.9 million hack on Saturday, when attackers exploited a vulnerability in its smart contract to drain funds. Stars Arena’s team has already announced that it has secured the funds to close the gap and will complete a full security audit on the platform.
Stars Arena Suffers $2.9 Million Hack
Stars Arena, a social on-chain platform built on top of the Avalanche blockchain, has announced that it suffered a $2.9 million hack that exploited a vulnerability in its smart contract system on Saturday. The Stars Arena team acknowledged a “major security breach” in a series of posts on X (formerly known as Twitter), where it called on users to stop deposits while it “actively” checked the issue.
In a preliminary review, PeckShield, a blockchain security and data analytics company, indicated that this attack took advantage of a reentrancy exploit on Stars Arena’s shares contract, which allowed attackers to sell assets on the platform at a higher price than established.
The reentrancy is abused to update the weight when the share/ticket is issued so that 1 share can be sold at a much higher price ~274k $AVAX
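As an added illustration (not code from Stars Arena or PeckShield), the Python model below shows the general pattern described above: an external call made while a share is being issued lets a weight update run mid-issuance, and a reentrancy lock rejects that nested call. The contract layout, every function name and the weight value of 1000 are assumptions made for the example.

```python
# Constructed toy model: NOT Stars Arena's contract; every name is hypothetical.
class ReentrancyError(Exception):
    pass

class SharesModel:
    BASE_PRICE = 1  # sell price of one share = BASE_PRICE * weight[subject]

    def __init__(self, guarded):
        self.guarded = guarded   # True = enforce a reentrancy lock
        self.locked = False
        self.issuing = set()     # subjects with an issuance in progress
        self.weight = {}         # subject -> pricing weight

    def _enter(self):
        if self.guarded and self.locked:
            raise ReentrancyError("re-entrant call rejected")
        self.locked = True

    def issue_share(self, subject, on_payout):
        self._enter()
        try:
            self.issuing.add(subject)
            on_payout(self)      # external call BEFORE state is finalized
            self.weight.setdefault(subject, 1)
        finally:
            self.issuing.discard(subject)
            self.locked = False

    def set_weight(self, subject, weight):
        # Assumed to be meant only as an internal step of issuance.
        self._enter()
        try:
            if subject not in self.issuing:
                raise PermissionError("no issuance in progress")
            self.weight[subject] = weight
        finally:
            self.locked = False

    def sell_price(self, subject):
        return self.BASE_PRICE * self.weight[subject]

def run(guarded):
    market = SharesModel(guarded)
    callback = lambda m: m.set_weight("subject", 1000)  # runs mid-issuance
    try:
        market.issue_share("subject", callback)
    except ReentrancyError:
        return "rejected"
    return market.sell_price("subject")
```

Without the lock, `run(False)` ends with one share priced by the weight set during the nested call; with it, `run(True)` fails the whole issuance, which is the behaviour a reentrancy guard is meant to enforce.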
Earlier, the platform had announced that it had plugged another exploit, stating that it was being “targeted by malicious actors in the space that want to steal your money.”
Ava Labs founder and CEO Emin Gün Sirer minimized the exploit, explaining that the team behind the platform could recover the funds due to its ties and the platform’s success.
While the issue was developing, Gün Sirer stated:
They have quite a few friends and a fantastic product that has proven its virality in the market. The amount lost is only $3m. I’m confident that the hole will be plugged. Let’s now give the team some time to make the code changes required.
Later, Stars Arena announced that they had secured the funds to make users whole and that the platform had enlisted the help of a white hat development team that would “rapidly review the security of the platform.”
Furthermore, the platform said it would reopen with funds restored after completing a security audit “very soon.” However, it did not offer an estimate of when this would happen.