Avalanche-based Star Arena Recovers 90% of Hacked Funds, Offers 10% Bounty

On-chain social platform Star Arena has announced the recovery of assets drained from its platform over the weekend, following an agreement with the hacker.

In a post on X (formerly Twitter), the platform disclosed that 90% of user assets have been recovered while the hacker was offered a 10% bounty.

The agreement means the company recovered 90% of 266,000 Avalanche (AVAX) tokens, worth nearly $3 million, while the hacker was offered 27,610 AVAX tokens, approximately $257,000.

“We have recovered approximately 90% of the lost funds. We reached an agreement with the individual responsible for the recent security breach.”

Per the agreement, the hacker would also be compensated for about 1000 AVAX lost in a bridge. In a separate post, the platform added that it has written a new smart contract to ensure security before placing the recovered funds and making a subsequent rollout.

What happened this weekend?

Star Arena is a web3 social platform built on the Avalanche network that allows users to monetize their content and popularity, link their Twitter accounts, and trade with AVAX.

On Oct 7, the company warned of the smart contract hack and asked users not to deposit funds. The hack drained 266,000 AVAX and slightly affected the price of AVAX.

The team apologised for the hack, adding that they were at war with bad actors but would work to recover all user assets.

“A special white hat development team is coming in to rapidly review the security of the platform. We will re-open the contract with all the funds in full after a full security audit. This will happen very soon.”

Both Star Arena and its competitor Friend.tech recorded significant traction this past month and have both been hit by hackers.

Friend.tech suffered a similar incident when some accounts were drained and the malicious players made off with $385,000 in Ether.

Two attacks within days

Observers have called on the development team to properly audit the smart contract to prevent any attacks in the future.

Before the attack on Oct 7, a smaller incident occurred, with the team announcing that the platform was under attack but that the loophole had been patched.

The incident broke out when user Lilitch.eth announced on X that $1 million had been lost because the developers could not make a copy of Friend.tech that worked properly.

The company subsequently clarified that the exploit had been fixed, with a loss of $2,000 recorded.

“You are under attack.

Your right to platform diversity is under attack

Don’t get it wrong, this is coordinated FUD.

The malicious actors were trying to spend $5 to drain $1 in TVL from our platform.

Make note of that, they were throwing money away to TAKE YOUR MONEY,” they added.