Avalanche’s StarsArena Web3 app lost some funds due to a malware attack, according to social media reports on October 5.
StarsArena user Lilitch.eth discovered the vulnerability and announced it on X, formerly known as Twitter. Lilitch.eth claimed that more than $1 million was lost in the attack. Stars Arena team Certain The attack was described as a “war” on the application. They said the attack resulted in losses worth only $2,000, and the vulnerability has now been patched.
The exploit has been fixed.
But don’t get this wrong, we are at war.
We are being targeted by malicious actors in the space who want to steal your money.
The little man is being attacked.
You are under attack.
Your right to platform diversity is under attack.
You don’t understand it… pic.twitter.com/DmbMdf9cAq
– Stars Arena (@starsarenacom) October 5, 2023
StarsArena is a Web3 social media application that runs on the Avalanche Network. Similar to Friend.tech, it allows users to purchase “shares” or token assets issued by content creators. Issuers can grant token holders access to exclusive content or other privileges. Avalanche has seen a surge in activity since the launch of StarsArena, with the network’s daily transaction count increasing by more than 186% from October 3-4.
On the morning of October 5, Lilitch.eth announced on X that StarsArena funds had been drained. “$1.1 million is being drained right now because of new developers who couldn’t make a version of http://Friend.tech that will work properly,” Lelic said, adding, “If you own any shares in StarsArena, you should sell while you still can.” ” In the post, they showed an image of a contract at the address 0xA481B139a1A654cA19d2074F174f17D7534e8CeC that contained approximately 107,329 Avalanche (AVAX) tokens, worth over $1 million at the time.
@starsarenacom-I’ve had sex
$1.1 million is now being drained by new developers who haven’t been able to make a copy of it https://t.co/h7traLwG9i That would work properly
If you own any shares in StarsArena, you should sell while you still can
Read next pic.twitter.com/hzgXvJc8ju
– lilitch.eth (@0xlilitch) October 5, 2023
In response, some users accused Lilic of “faking it” (spreading fear, uncertainty and doubt). For example, ZSwapDEX developer Mork claimed That “no exploiter can profit from this because the gas needed to operate Texas is higher than the gas extracted from Avax” and “they are proxy contracts – upgradable.”
Related: Friend.tech’s revenue rose over 10,000 ETH, TVL exceeded 30,000 ETH
The StarsArena team responded with a post on X stating, “The exploit has been fixed.” It claimed that the attackers were spending $5 on gas to drain $1 from the app in an attempt to destroy its credibility. “We are at war,” the post read, claiming the app was suffering from “coordinated FUD.” the team detained Twitter Spaces event to explain to users what was happening. On this occasion, they explained that only about $2,000 was lost in the attack.
In response to Lieutenant General Lilic’s post to reject That the attackers were spending $5 on gas to drain $1. “No one was spending $5 to get $1 off your TVL, quietly,” they said. They instead claimed that the attackers stopped when gas prices became too high to make the attack profitable. Lilic also denied waging a “war” against the app. In another post, they claimed to support the app now that it has been patched, It is useful “The conflict has been resolved, we are now friends @starsarena to the moon.”
Friend.tech users have faced a wave of SIM swap attacks, leaving its users and users of similar apps in a state of stress. On October 5, the Friend.tech team implemented a function to remove login methods to help combat the issue.