SocialFi-platform Stars Arena, based on Avalanche, has recovered approximately 90% of assets lost in the exploit. The return of funds came as a result of negotiations with the hacker.
UPDATE:
We have recovered approximately 90% of the lost funds.
We reached an agreement with the individual responsible for the recent security breach.
The funds have been returned in exchange for a 10% bounty fee + 1000 AVAX that was lost in a bridge.
Total funds lost:…
— Stars Arena (@starsarenacom) October 11, 2023
On October 7, the Friend.Tech-inspired project lost 266 103 AVAX (~$3 million at the time of the attack) due to a “serious security flaw” in the smart contracts. As a result of the incident, the total value of assets locked on Stars Arena fell to zero.
“We have reached an agreement with the person responsible for the recent security breach,” the team said.
Under the agreement, the restitution fee amounted to 27 610 AVAX — 10% of the total sum plus 1,000 AVAX lost in the cross-chain bridge.
The hacker transferred 239 493 AVAX to the platform in two transactions.
The Stars Arena developers also said that after the incident they wrote an entirely new smart contract. The original code is now undergoing an audit by Paladin Blockchain Security.
UPDATE:
• Our technical team led by @0xlocrian has written an entirely new smart contract
• We are finalizing a full contract audit with @0xPaladinSec
• The contract will become open-source after the audit is concluded
• We will have a paused verified contract BEFORE…
— Stars Arena (@starsarenacom) October 11, 2023
The team pledged to cover the shortfall before the platform’s restart.
In late September, the Avalanche-based Stars Arena app, launched as a fork of Friend.Tech, caused a sharp uptick in activity on the network. The number of transactions in the ecosystem jumped from 790,000 to 1.2 million in under a week.