Stars Arena, a decentralized social application operating on the Avalanche blockchain, disclosed it was the victim of a $2.9 million cyber attack that occurred this Saturday. The exploit targeted a weakness in the smart contract infrastructure of the platform. In a formal announcement via X (previously known as Twitter), the Stars Arena team identified the incident as a “significant security infringement” and advised users to cease all deposits during the ongoing investigation.
An initial evaluation by PeckShield, a firm specializing in blockchain security and data analytics, revealed that the assailants utilized a reentrancy attack on the Stars Arena shares contract. This allowed them to manipulate asset prices on the platform to their advantage.
PeckShield’s statement read:
The assailants exploited the reentrancy vulnerability to alter the weight during the issuance of shares or tickets, enabling a single share to be sold at an elevated price—approximately 274,000 $AVAX.
Prior to this incident, Stars Arena had identified and mitigated another security flaw, cautioning that the platform had been in the crosshairs of bad actors intending to defraud users.
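The class of flaw PeckShield describes, a state change slipped in through a callback while an issuance is still in progress, can be shown with a small model. The following Python model is an added illustration, not Stars Arena's contract code or PeckShield's analysis; the class, the function names, the rule that the weight can only be set while supply is zero, and the value 1000 are all assumptions made for the example.

```python
class ReentrancyBlocked(Exception):
    """Raised when a guarded function is entered while an issuance is running."""


class SharesModel:
    # Constructed toy model of a shares contract; every name here is hypothetical.
    def __init__(self, guarded):
        self.guarded = guarded  # True = enforce a reentrancy lock
        self.locked = False
        self.weight = 1         # pricing weight, meant to be fixed before issuance
        self.supply = 0

    def _guard(self):
        if self.guarded and self.locked:
            raise ReentrancyBlocked("nested call during issuance")

    def set_weight(self, weight):
        self._guard()
        if self.supply != 0:
            raise ValueError("weight is fixed once shares exist")
        self.weight = weight

    def buy_share(self, on_fee_paid):
        self._guard()
        self.locked = True
        try:
            on_fee_paid(self)   # external call made BEFORE state is updated (the flaw)
            self.supply += 1    # effect applied too late
        finally:
            self.locked = False

    def sell_price(self):
        return self.weight      # price of one share, in arbitrary units


def run(guarded):
    """Issue one share while the fee callback tries to change the weight."""
    contract = SharesModel(guarded)

    def callback(c):
        c.set_weight(1000)      # constructed value, not taken from the incident

    try:
        contract.buy_share(callback)
        blocked = False
    except ReentrancyBlocked:
        blocked = True          # whole purchase is rejected, like a reverted transaction
    return blocked, contract.supply, contract.sell_price()
```

In the unguarded run the nested call succeeds because supply is still zero when the callback fires. Updating state before making the external call closes the same gap without a lock.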
Subsequent Actions
Emin Gün Sirer, the founder and CEO of Ava Labs, downplayed the severity of the breach, expressing confidence that the platform’s reputable standing and network could facilitate the recovery of the stolen funds.
Gün Sirer commented:
The platform has garnered significant support and has a product that has demonstrated its market viability. The sum involved is relatively minor, being just $3 million. I have full confidence that the vulnerabilities will be addressed. The team needs appropriate time to implement the requisite code modifications.
Subsequently, Stars Arena confirmed it had procured the necessary funds to reimburse users and enlisted the services of a white-hat development team to swiftly conduct a comprehensive security assessment.
The platform also declared its intention to recommence operations with restored funds, pending the completion of an exhaustive security audit, although it did not specify a timeline.
We invite your thoughts on the $2.9 million reentrancy breach experienced by Stars Arena in the comments section below.
Frequently Asked Questions (FAQs) about Stars Arena Hack
What blockchain does Stars Arena operate on?
Stars Arena operates on the Avalanche blockchain.
What was the nature of the security breach at Stars Arena?
The security breach at Stars Arena was a $2.9 million hack that exploited a vulnerability in the platform’s smart contract system.
Who conducted the initial review of the security breach?
PeckShield, a blockchain security and data analytics firm, conducted the initial review of the security breach.
What type of exploit did the hackers use?
The hackers utilized a reentrancy exploit to manipulate asset prices on Stars Arena, specifically on its shares contract.
During the exploit, a single share could be sold at an elevated price of approximately 274,000 $AVAX.
What actions has Stars Arena taken post-hack?
Stars Arena has secured the necessary funds to reimburse users and has enlisted a white-hat development team to conduct a full security audit. The platform also plans to recommence operations with restored funds once the audit is complete.
Did Ava Labs’ founder and CEO comment on the situation?
Yes, Emin Gün Sirer, the founder and CEO of Ava Labs, downplayed the severity of the hack and expressed confidence that the stolen funds would be recovered due to the platform’s reputable standing and network.
Is there a timeline for when Stars Arena will resume operations?
Stars Arena has not specified a timeline for resuming operations but has declared its intention to do so once a comprehensive security audit is completed.
Are users advised to take any precautionary measures?
Immediately following the announcement of the breach, users were advised to cease all deposits during the ongoing investigation.
What will happen to the lost funds?
Stars Arena has confirmed that it has secured the necessary funds to make users whole, indicating that financial remediation is planned.
6 comments
Makes me wonder what kinda white-hat team they’ve got now to fix this mess. Hope they know what they’re doin.
Good on Stars Arena for securing funds to make users whole, but seriously this shouldn’t have happened in the first place. Smart contracts need to be, well, smarter.
Still no timeline for when things are gonna be back to normal? Not a good sign imo.
Stars Arena is back to square one, I guess. Security audits should’ve been their first step, not a reactionary measure.
Emin Gün Sirer seemed to downplay the whole thing. Only $3m he says, but 3 million is 3 million. In this business, reputation is everything.
Wow, that’s a big blow to Stars Arena. Who’s gonna trust these platforms now? I mean 2.9 mil is a lotta money.