On Saturday, hackers stole $2.9 million from Stars Arena, an on-chain social program created on the Avalanche blockchain, by exploiting a weakness in its smart contract. The team behind Stars Arena has already declared that it has the money to cover the shortfall and will carry out a thorough security check on the website.
Hack Costs Stars Arena $2.9 Million
The Avalanche blockchain-based social on-chain platform Stars Arena has said that it was the victim of a $2.9 million breach on Saturday that took use of a flaw in its smart contracts system. The Stars Arena team appealed on users to suspend deposits while they "actively" investigated the "major security breach" in a series of tweets on X (formerly known as Twitter).
A blockchain security and data analytics business called Peckshield stated in a first preliminary study that this assault made use of a reentrancy exploit on Stars Arena's shares contract, which allowed attackers to sell assets on the platform at a price beyond what was set.
According to Peckshield:
When the share or ticket is issued, the reentrancy is misused to update the weight, enabling the sale of 1 share for 274k $AVAX.
The platform had previously disclosed that it had fixed another exploit and said that it was "targeted by malicious actors in the space that want to steal your money."
Aftermath
Emin Gün Sirer, the founder and CEO of Ava Labs, downplayed the exploit by saying that the platform's developers might recover the money because of their connections and the platform's popularity.
As the situation grew, Gün Sirer said:
They have a sizable group of friends and a terrific product that has demonstrated its market viability. There was only a $3 million loss. I have faith that the hole will be sealed. Now, let's allow the group some time to perform the necessary code adjustments.
Later on, Stars Arena revealed that they had raised the money necessary to compensate users and that the site has sought the aid of a white hat development team to "rapidly review the security of the platform."
The site also stated that it would reopen with its cash recovered "very soon" after finishing a security audit. It did not, however, provide a timeline for when this will occur.
What do you think about Stars Arena's $2.9 million reentrancy fraud? Comment below with your answer and let us know.