The StarsArena Web3 app on the Avalanche network recently suffered a devastating blow as it fell victim to a malicious attack. Reports on social media platforms on October 5 revealed that StarsArena lost a significant amount of funds in the attack. The incident was first brought to light by a StarsArena user called Lilitch.eth, who took to X (formerly known as Twitter) to share the news. The user claimed that over $1 million was lost in the attack, sparking concerns within the community and raising questions about the security of the platform.
The StarsArena team later confirmed the attack, referring to it as a “war” against the app. Contradicting Lilitch.eth’s claims, the team stated that the attack resulted in losses of approximately $2,000, significantly less than the alleged $1 million. Nevertheless, the team acknowledged the seriousness of the situation and assured users that they had already patched the exploit. StarsArena is a Web3 social media app that operates on the Avalanche network, offering features similar to those found on Friend.tech. Users can purchase “shares” or tokenized assets issued by content creators, who in turn offer exclusive content or perks to token owners.
Avalanche’s Growing Popularity
StarsArena’s launch on the Avalanche network coincided with a surge in transaction activity on the platform. In just two days, from October 3 to 4, Avalanche experienced an astonishing 186% increase in its daily transaction count. This spike in activity demonstrated the growing popularity and potential of the network. However, the attack on StarsArena undermined the confidence and trust that users had placed in the platform, causing concern among investors and community members.
On the morning of October 5, Lilitch.eth made a startling revelation on X, stating that StarsArena was being drained of funds. The user berated the developers, referring to them as “noobs” who failed to create a proper functioning version of Friend.tech. Lilitch.eth also advised anyone holding shares in StarsArena to sell them while they still had the chance. To support their claims, they shared an image of a contract at a specific address that allegedly contained over 107,000 Avalanche (AVAX) tokens, equivalent to more than $1 million at the time.
Controversial Claims and Denials
In response to Lilitch.eth’s post, some users accused them of spreading fear, uncertainty, and doubt in what is commonly referred to as “fudding.” One developer, Mork from ZSwapDEX, dismissed the possibility of the attackers profiting from the exploit because the gas fees for executing the transactions exceeded the amount of AVAX extracted. Mork also mentioned that the contract used for the attack was a proxy contract, which means it is modifiable and potentially updatable.
The StarsArena team released a statement on X, assuring their users that they had fixed the exploit. They claimed that attackers had intentionally been spending $5 in gas fees to drain just $1 from the app, suggesting it was an attempt to damage the app’s reputation. The team referred to the ongoing situation as a “war” and denounced it as coordinated FUD (fear, uncertainty, and doubt) campaign. To communicate directly with users and address their concerns, the team hosted a Twitter Spaces event, offering explanations and clarifications about the attack. During the event, they revealed that the actual losses amounted to only around $2,000.
Lilitch.eth’s Response and Reconciliation
Lilitch.eth rebutted the team’s claims, denying that attackers had spent $5 to drain just $1 from StarsArena. They asserted that attackers stopped their actions whenever gas prices became too high, rendering the exploit unprofitable. Additionally, Lilitch.eth distanced themselves from the notion of waging a “war” against the app and expressed support for StarsArena now that the exploit had been patched, stating their intention to be friends and see the app thrive.
The attack on StarsArena added to the growing concerns within the Web3 community about the security of decentralized applications and platforms. This incident also comes at a time when Friend.tech and similar platforms have been experiencing a wave of SIM-swap attacks, leading to heightened vigilance among users. To tackle the issue, the Friend.tech team implemented a function to remove certain login methods, aiming to strengthen security and protect users from potential attacks.
The malicious attack on the StarsArena Web3 app on the Avalanche network dealt a damaging blow to the platform, resulting in the loss of funds. While the exact amount lost remains disputed, the incident has raised critical questions about the platform’s security measures. StarsArena responded swiftly to the attack, patching the exploit and reassuring users about the situation. Additionally, the incident has contributed to the growing concerns within the Web3 community regarding the safety and resilience of decentralized applications. As the industry continues to evolve, it is imperative for developers and users alike to prioritize security and implement robust measures to safeguard against malicious attacks.
Leave a Reply