The team behind the new Friend.tech-inspired Stars Arena protocol has dismissed what it called a “coordinated FUD” after patching a vulnerability that saw attackers flee $2,000 from the Avalanche-based decentralized social media platform.
On October 5th mail On X (Twitter), the Stars Arena account said the vulnerability had been fixed, adding: “Don’t get this wrong, we’re at war.”
The exploit has been fixed.
But don’t get this wrong, we are at war.
We are being targeted by malicious actors in the space who want to steal your money.
The little man is being attacked.
You are under attack.
Your right to platform diversity is under attack.
You don’t understand it… pic.twitter.com/DmbMdf9cAq
– Stars Arena (@starsarenacom) October 5, 2023
So how are the nodes drained now?
Their getPrice() function is broken
You can sell 0 shares and get AVAX. Yes. You can do it now and it will work.
But where does this extra AVAX come from?
Read next pic.twitter.com/0RM7NHxLeq
– lilitch.eth (@0xlilitch) October 5, 2023
However, the attack vector turns out to be economically infeasible for attackers. This vulnerability itself caused a significant increase in gas fees on Avalanche, making extracting profits from the hack much more expensive than expected.
As a result, attackers would presumably end up spending more on gas fees than they earned from the exploit.
Ava Labs CEO Emin Gün Sirer highlighted in the X post that for every $0.04 earned from the exploit, the hackers spent an average of $0.25.
There is a lot of misinformation about the Stars Arena exploit that (1) has already been fixed, (2) it cost the attacker $0.25 to get $0.04, and (3) the attacker only extracted a total of $2,000. Now that we’re done, let’s get back to having fun in the arena.
– Emin Gün Serer (@el33th4xor) October 5, 2023
Despite the relatively unsuccessful exploit, members of the cryptocurrency community were quick to attack the Stars Arena team.
Related: Friend.tech’s SIM swap scourge continues as scammer pockets $385K in ether
The founder and developer of Delegate, known as “Foobar”, slammed the platform, claiming it screwed up its Friend.tech fork, and asked Stars Arena to “delete your account and product, you clown”.
I got a fully functional core contract and somehow added new attack vectors at the unverified fork. Delete your account and product, Clownshow
– Foobar (@0xfoobar) October 5, 2023
Stars Arena is the latest app to join a growing list of social finance platforms, such as Alpha on the Bitcoin network, Friendzy on Solana, and PostTech on Arbitrum.
Despite the surge in similar DeSo apps, Friend.tech remains the market leader with over $293 million in monthly trading volume and outperforms the closest app, PostTech, with over $283 million.
magazine: Blockchain Investigators – The collapse of Mount Gox gave birth to Chainalysis