{"id":85489,"date":"2023-10-09T12:16:54","date_gmt":"2023-10-09T09:16:54","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=85489"},"modified":"2025-09-12T23:37:11","modified_gmt":"2025-09-12T20:37:11","slug":"friend-tech-clone-on-avalanche-hacked-for-3-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/friend-tech-clone-on-avalanche-hacked-for-3-million\/","title":{"rendered":"Friend.Tech clone on Avalanche hacked for $3 million"},"content":{"rendered":"<p>On October 7, the SocialFi app <a href=\"https:\/\/hub.forklog.com\/chto-takoe-socialfi-i-dlya-chego-eto-nuzhno\/\"><span data-descr=\"Social Finance \u2014 projects that combine aspects of social networks and decentralized finance\" class=\"old_tooltip\">SocialFi<\/span><\/a>-inspired Stars Arena, inspired by <a href=\"https:\/\/forklog.com\/en\/news\/friend-tech-a-new-era-for-social-networks-or-a-one-day-wonder\">Friend.Tech<\/a>, lost 266,103 AVAX (about $3 million at the time of the attack) due to a &#8216;major security breach&#8217; in the smart contracts.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">There has been a major security breach with the smart contract. <\/p>\n<p>We&#8217;re actively checking the issue. <\/p>\n<p>DO NOT deposit any funds. <\/p>\n<p>Stay tuned for updates.<\/p>\n<p>\u2014 Stars Arena (@starsarenacom) <a href=\"https:\/\/twitter.com\/starsarenacom\/status\/1710540444075978846?ref_src=twsrc%5Etfw\">October 7, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;We are actively investigating the issue. Do not deposit any funds into the protocol,&#8221; the developers warned.<\/p>\n<\/blockquote>\n<p>Redline analysts were the first to flag the breach. According to them, the hacker had already withdrawn funds using the FixFloat exchange. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">?BREAKING!?<\/p>\n<p>$3 000 000 HAS BEEN GONE FROM STARS ARENA SMART CONTRACT<\/p>\n<p>DO NOT INVEST MONEY IN STARSARENA AT THIS MOMENT<\/p>\n<p>Waiting for an explanation from <a href=\"https:\/\/twitter.com\/starsarenacom?ref_src=twsrc%5Etfw\">@starsarenacom<\/a> <a href=\"https:\/\/t.co\/5UpP2h6X1Q\">pic.twitter.com\/5UpP2h6X1Q<\/a><\/p>\n<p>\u2014 redline (@redlinemeta) <a href=\"https:\/\/twitter.com\/redlinemeta\/status\/1710537521807953947?ref_src=twsrc%5Etfw\">October 7, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Later, Stars Arena representatives said they would reimburse the assets lost in the exploit. Temporarily restricting access to the platform, the project team invited security experts to conduct additional checks.<\/p>\n<p>Funds from the initial hot wallet were also moved to a new multi-sig address under the control of the Stars Arena developers.<\/p>\n<p>According to DeFi Llama, the total value of locked assets on the platform collapsed to zero. Presumably this was due to moving coins to another wallet.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/Z_TgQKdpVu8xYp5A_okPEN55Ae9qSxrMKtTXQB8gkbs-QakwS-13p4HMjQb1vSKe5gKInzUL8NBn6FQXY3pJx6eO87toULeQ_C3AShX05Q67gR58FRJMnFR6t2TwHqoMhnwlBzxC0E_NWVwudOj87PY\" alt=\"\u041a\u043b\u043e\u043d Friend.Tech \u043d\u0430 Avalanche \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0441\u044f \u0432\u0437\u043b\u043e\u043c\u0443 \u043d\u0430 $3 \u043c\u043b\u043d\"\/><figcaption class=\"wp-element-caption\">TVL of Stars Arena. Data: DeFi Llama.<\/figcaption><\/figure>\n<p>Shortly before the attack, the protocol detected a critical vulnerability that could allow attackers to drain AVAX tokens from <a href=\"https:\/\/forklog.com\/en\/news\/what-is-web3\">Web3<\/a>-social networks&#8217; smart contracts.<\/p>\n<p>Later, Stars Arena <a href=\"https:\/\/twitter.com\/starsarenacom\/status\/1709934535570608172?ref_src=twsrc%5Etfw\">said<\/a> the bug in the getPrice() function had been fixed. At that time, high fees on Avalance prevented hackers from withdrawing the cryptocurrency due to prohibitive costs.<\/p>\n<p>In the wake of the breach, the AVAX price fell 3% over the day\u2014from $10.19 to $9.86, according to <a href=\"https:\/\/www.coingecko.com\/ru\/%D0%9A%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D1%8B\/avalanche\">CoinGecko<\/a>.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/DI-Skxi8lJ-cVne5RmleVMaxHP9-QCFM0pljtUxbUAo9lJ4gnZOWzjFpqMKGBd1TQ9b3s3mwc5n3laNo75z84shculZqk6zf_Ti9yl6C57QGi8PNdyj7sXJlML1k2NxEZt-apirIQiCensX3UM5T1xM\" alt=\"\u041a\u043b\u043e\u043d Friend.Tech \u043d\u0430 Avalanche \u043f\u043e\u0434\u0432\u0435\u0440\u0433\u0441\u044f \u0432\u0437\u043b\u043e\u043c\u0443 \u043d\u0430 $3 \u043c\u043b\u043d\"\/><figcaption class=\"wp-element-caption\">15-minute chart of AVAX\/USDT on Binance. Data: TradingView.<\/figcaption><\/figure>\n<p>Earlier this month, Stars Arena, launched in late September, <a href=\"https:\/\/forklog.com\/en\/news\/friend-tech-clone-boosts-activity-on-the-avalanche-network\">drove growth<\/a> in activity on Avalance. The number of transactions in the ecosystem jumped from 790,000 to 1.2 million in less than a week.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On October 7, the SocialFi app Stars Arena, inspired by Friend.Tech, lost 266,103 AVAX (~$3 million) due to a &#8216;serious security breach&#8217; in the smart contracts.<\/p>\n","protected":false},"author":1,"featured_media":85490,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1524,465],"class_list":["post-85489","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-friend-tech","tag-social-media"],"aioseo_notices":[],"amp_enabled":true,"views":"31","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/85489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=85489"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/85489\/revisions"}],"predecessor-version":[{"id":85491,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/85489\/revisions\/85491"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/85490"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=85489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=85489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=85489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}