Social media platform Web3 Stars Arena says it has recovered nearly all of the cryptocurrency stolen from the October 7 exploit — minus a 10% bounty to the person responsible.
In an October 11 post (Twitter), Stars Arena said that about 90% of the 266,000 Avalanche (AVAX) exploit, which at the time was worth about $3 million, had been returned after an agreement was reached to give 27,610 an AVAX bounty worth $257,000. Almost a dollar to the exploiter.
The reward also included compensation for 1,000 AVAX devices worth over $9,000 that were apparently lost by the scalper at a bridge.
We have recovered approximately 90% of the lost funds.
We have reached an agreement with the person responsible for the recent security breach.
Money returned for a 10% bonus fee + 1000 AVAX that was lost in a bridge.
Total money lost:…
– Stars Arena (@starsarenacom) October 11, 2023
In separate mailStars Arena added that it had written a new smart contract and before placing the returned funds and launching it, it was finalizing the audit of the new contract.
Stars Arena first alerted its community to the exploit on October 7, calling it a “major security breach” as its smart contract drained funds.
In a subsequent post, Stars Arena said it had secured funding to patch the vulnerability, and had hired a development team to conduct a full security audit, though the team has not yet explained how the exploit occurred.
Related: Galxe has replaced 110% of the funds users lost in the recent front-end hack, more than $400,000.
Days earlier, on October 5, Stars Arena was subjected to a smaller attack, though the hackers only took away about $2,000, they claimed.
This exploit occurred due to the Stars Arena developers missing a vulnerable price function in the platform’s smart contract. This allowed the exploiter to sell users’ shares for next to nothing and get AXAX in return, X user alias “0xlilitch” explained in an article mail.
Stars Area claimed to have patched the vulnerability.
Users of Stars Arena’s main competitor, Friend.tech, have also seen targeted SIM swap attacks, with Friend.tech recently adding security features to mitigate the attempts.
magazine: Recursive Patterns – A “supercomputer” for Bitcoin and BTC DeFi will soon be available