StarsArena patches exploited by Friend.tech after some money was lost.

News Desk5
3 Min Read

StarsArena announced that attackers were draining funds through a loophole, but the contract has been patched to prevent further damage.

The StarsArena Web3 app on Avalanche has lost some of its funds due to a malicious attack, according to social media reports on October 5. 

StarsArena user Lilitch.eth discovered the exploit and announced it on X, formerly known as Twitter. Lilitch.eth claimed over $1 million was lost in the attack. The StarsArena team confirmed the attack, calling it a “war” against the app. They said the attack only resulted in approximately $2,000 in losses and the exploit has now been patched.

StarsArena is a Web3 social media app running on the Avalanche network. Similar to Friend.tech, it allows users to buy “shares” or tokenized assets issued by content creators. The issuers can grant token owners access to exclusive content or other perks. Avalanche has seen a surge of activity since StarsArena was launched, as the network’s daily transaction count increased by over 186% from October 3-4.

In response, some users accused Lilitch of “fudding” (spreading fear, uncertainty, and doubt). For example, ZSwapDEX developer Mork claimed that “no exploiter can profit from this because the gas to run the tx is higher than the Avax extracted” and “they are proxy contracts – able to be updated.”

The StarsArena team responded with a post on X stating that “THE EXPLOIT HAS BEEN FIXED.” It claimed that attackers had been spending $5 in gas to drain $1 from the app in an attempt to destroy its credibility. “We are at war,” the post stated, claiming that the app was experiencing “coordinated FUD.” The team held a Twitter Spaces event to explain to users what was happening. In the event, they explained that only around $2,000 had been lost in the attack.

Responding to the team’s post, Lilitch denied that attackers had been spending $5 in gas to drain $1. “Nobody was spending 5$ to get 1$ from your TVL, chill,” they stated. They claimed instead that attackers stopped whenever gas prices became too high to make the attack profitable. Lilitch also denied making “war” against the app. In another post, they claimed to support the app now that it has been patched, stating “the conflict was resolved, we are friend now @starsarena to the moon.”

Friend.tech users have been facing a wave of SIM-swap attacks, leaving its users and those of similar apps on edge. On October 5, the Friend.tech team implemented a function to remove login methods to help combat the problem.

Share This Article
Leave a comment