Key Takeaways:
StarterXyz Project claims itself to be a leading IDO launchpad, incubator, and investor network for Polygon, Ethereum, Fantom, Avalanche, and Binance Smart Chain. With over $30M+ raised in seed, private and public rounds for 40+ projects across multiple blockchains, they help connect inventors with investors to recreate a new future.
StarterXyz Protocol has also seen a sudden price drop of 45%. As of now, the price of its official $START token is 1.79 US Dollars.
According to Peckshield, this is the case of the private key leak. Here is theย linkย of the official transaction of the Hacker. The attacker has transferred around 407,000 START Tokens.
Also, Polygonscan has reported the account of Hacker as rug-pull. They have written that the attacker will lose all funds staked in this account. They have also labeled this account as Heist account.
According to Twitter Userย Hubert Ritzdorf, two accounts were used. Here is theย linkย of the address of the second account. This account is also labeledย Heistย and rug-pull by Polygonscan. Both these accounts were related toย https://starchi.gg/.ย Starchi is a Tamagotchi-inspired PlaytoEarn game for the crypto age that StarterXyz incubates.
So, Firstly, the admin upgraded to a malicious implementation. Here isย linkย of an example upgraded transaction. Then the admin used the malicious implementation to steal all staked funds. We can find this malicious implementationย here. Here is a visualization of the attacker’s contract by the Twitter Userย Daniel Von Fange.
As of now, there has been no official Twitter notification from the StarterXyz team in the last 24 hours regarding this attack and their approach to solving the problem. We have also tried to check their telegram group, but there is no official response from the team. Meanwhile, the team hasย repliedย to Peckshield that they areย Looking into it ASAP.