Key Takeaways :
- Avalanche project Stars Arena falls victim to a $2.9 million exploit, depleting its smart contract to a mere $0.051.
- Stars Arena issues a warning, urging users not to deposit funds as the platform remains under a DDOS attack.
Stars Arena, the latest sensation in the world of SocialFi, has fallen prey to a devastating hack. The project’s smart contract witnessed a continual depletion of assets, and the absence of any transaction confirmations solidified suspicions of a hack. The project management issued a statement confirming the attack.
An alarming $3 million worth of AVAX tokens from the Avalanche network were drained, leaving Stars Arena with just under $1 in remaining funds after the attacker’s actions. Twitter user @0xLawliette, formerly known as X, appeared to be the first to raise the alarm about the exploit in the early hours of an Asian Saturday, while another user, @0xlilitch, voiced concerns about potential security vulnerabilities yesterday.
While the team did not disclose the exact stolen amount, blockchain security experts at PeckShield estimated the theft to be nearly $3 million in AVAX tokens.
DeFiLlama data reveals that the culprits exited the project with approximately $0.5 remaining in total locked value, indicating that they virtually drained all assets.
This attack occurred shortly after several X users had cautioned about potential security weaknesses within the Stars Arena smart contract. Interestingly, Emin Gün Sirer, the founder of Avalanche, had downplayed these warnings.
In a post on X, Star Arena acknowledged that the platform continues to face a Distributed Denial of Service (DDoS) attack. In a DDoS attack, malicious actors disrupt the normal operations of a platform by inundating it with an excessive volume of traffic.
Star Arena further stated:
“We are actively developing a solution to ensure the recovery of everyone’s funds and to enable the Arena to progress.”A cautionary advisory was issued, urging users not to deposit funds into the system. It is estimated that assets exceeding $3 million have been drained from the project’s smart contract.
Experts advise users who have linked their wallets and Twitter accounts to Stars Arena to sever these connections.