7 October 2023
Stars Arena, a decentralized social media platform built on the Avalanche network, has suffered a major security breach, resulting in the loss of a significant amount of cryptocurrency. This comes barely a day after the decentralized application (dApp) reportedly fixed a loophole in its smart contract.
On Thursday, October 5, the Stars Arena team said – via a post on X (formerly Twitter) – that it has averted a security exploit, which could have led to the loss of over $1 million worth of funds.
Stars Arena Loses $2.9 Million To Attack, PeckShield Reveals
On Saturday, October 7, a pseudonymous X user raised the alarm about the suspicious movement of Avalanche (AVAX) tokens from the Stars Arena contract.
A few minutes after this, the protocol’s team confirmed – via a post on X – that there has been a “major security breach with its smart contract.”
There has been a major security breach with the smart contract.
We’re actively checking the issue.
DO NOT deposit any funds.
Stay tuned for updates.
— Stars Arena (@starsarenacom) October 7, 2023
This exploit has also been flagged by blockchain security firm PeckShield, who disclosed that around $2.9 million in AVAX has been drained from the decentralized social media application.
An initial breakdown by the security company identified a reentrancy issue on the Stars Arena Shares contract. “The reentrancy is abused to update the weight when the share/ticket is issued so that 1 share can be sold at a much higher price of approximately 274,000 AVAX,” PeckShield said.
As earlier noted, Stars Arena has been gaining some popularity in the past few days. In fact, the recent activity uptick on the Avalanche network has been attributed to the rise of the decentralized social application.
However, this latest hack represents a significant deterrent to Stars Arena’s growth. According to data from DeFiLlama, the protocol’s total value locked has plummeted from $1.26 million to $0.47 in the past day, reflecting a 100% decline.
Stars Arena went live on Avalanche C-Chain – the blockchain component specifically designed for running smart contracts on Avalanche – in late September. Although the Friend.tech-like platform experienced some traction after launch, recent security concerns seem to be stirring skepticism around its growth.
$900 Million Lost To Bad Actors In 2023 Q3
This latest exploit will serve as an unfriendly reminder of the growing security concerns in the crypto space. Particularly, the cryptocurrency industry saw a significant surge in exploits and security breaches in the third quarter of 2023.
According to a quarterly report by blockchain security firm Beosin, the losses incurred only in Q3 2023 were larger than the total for the year’s first half. A total of $889.26 million was lost to various attacks in the last quarter, compared to the $663 million lost in 2023’s first six months.
Beosin’s report revealed that $540.1 million was lost to hacks, with decentralized finance (DeFi) accounting for 18% of this value. Notably, DeFi peer-to-peer service Mixin Network lost $200 million due to a compromise in its cloud service provider database.