StarterXyz Project claims itself to be a leading IDO launchpad, incubator, and investor network for Polygon, Ethereum, Fantom, Avalanche, and Binance Smart Chain. With over $30M+ raised in seed, private and public rounds for 40+ projects across multiple blockchains, they help connect inventors with investors to recreate a new future.
StarterXyz Protocol has also seen a sudden price drop of 45%. As of now, the price of its official $START token is 1.79 US Dollars.
According to Peckshield, this is the case of the private key leak. Here is the link of the official transaction of the Hacker. The attacker has transferred around 407,000 START Tokens.
Also, Polygonscan has reported the account of Hacker as rug-pull. They have written that the attacker will lose all funds staked in this account. They have also labeled this account as Heist account.
According to Twitter User Hubert Ritzdorf, two accounts were used. Here is the link of the address of the second account. This account is also labeled Heist and rug-pull by Polygonscan. Both these accounts were related to https://starchi.gg/. Starchi is a Tamagotchi-inspired PlaytoEarn game for the crypto age that StarterXyz incubates.
So, Firstly, the admin upgraded to a malicious implementation. Here is link of an example upgraded transaction. Then the admin used the malicious implementation to steal all staked funds. We can find this malicious implementation here. Here is a visualization of the attacker’s contract by the Twitter User Daniel Von Fange.
As of now, there has been no official Twitter notification from the StarterXyz team in the last 24 hours regarding this attack and their approach to solving the problem. We have also tried to check their telegram group, but there is no official response from the team. Meanwhile, the team has replied to Peckshield that they are Looking into it ASAP.