The cyberattack on Stars Arena has raised significant concerns in the crypto world. Renowned reporter Colin Wu drew attention to the protocol's developers, who likened it to Friend Tech, another popular platform. The developers confirmed the presence of a serious security vulnerability in the smart contract.
It has also been revealed that the development team is actively addressing the issue. Users are strongly advised not to deposit their funds into Stars Arena. Several leading blockchain security companies conducted their own analyses of the problem and shared their findings on Twitter, vowing to continue their exploration of the exploit.
According to PeckShield Alert, the Stars Arena breach resulted in damages totaling $2.9 million. Analysts disclosed the hacker's wallet address and revealed that a vulnerability in the "Stars Arena: Shares" contract allowed the attacker to issue shares at a higher price, resulting in approximately 274,000 AVAX in gains.
Researchers from Beosin emphasized that the "protocol contract is not open source." They expressed confidence that the hacker was able to steal cryptocurrency assets through a reentrancy vulnerability.
Researchers noted, "During the call of function 0xe9ccf3a3, the attacker re-entered and initiated 0x5632b2e4, setting the necessary block height. Then, in SellShares, this value was used as a parameter for calculating the amount of AVAX to send. As a result, the calculated amount was unusually large. Ultimately, the hacker managed to make a substantial profit."
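The pattern Beosin describes can be reproduced in a small Python model, shown here beside a guarded variant. This is an added illustration, not Stars Arena's code (the contract is closed source). The class, the method names, the flat price, the pool size and the rule that the payout parameter can only be set before the first share exists are all assumptions made for the example.

```python
from contextlib import contextmanager
PRICE = 10  # flat share price in AVAX (constructed; the real pricing is not public)

class ReentrancyError(Exception): pass

class SharesModel:
    def __init__(self, guarded):
        self.guarded = guarded   # True = reentrancy lock enabled
        self.locked = False
        self.supply = 0
        self.multiplier = 1      # stands in for the value set through 0x5632b2e4
        self.pool = 1_000        # AVAX held by the contract (constructed)

    @contextmanager
    def _entry(self):
        if self.guarded and self.locked:
            raise ReentrancyError("re-entrant call rejected")
        previous, self.locked = self.locked, True
        try:
            yield
        finally:
            self.locked = previous

    def buy_shares(self, callback):
        with self._entry():
            callback(self)        # external call made BEFORE state is updated
            self.pool += PRICE
            self.supply += 1

    def set_multiplier(self, value):
        with self._entry():
            if self.supply != 0:  # assumption: only settable before the first share
                raise PermissionError("already initialised")
            self.multiplier = value

    def sell_shares(self):
        with self._entry():
            payout = min(PRICE * self.multiplier, self.pool)
            self.supply -= 1
            self.pool -= payout
            return payout

def run(guarded, callback):
    # Buy one share, then sell it; returns (payout or "blocked", pool left).
    contract = SharesModel(guarded)
    try:
        contract.buy_shares(callback)
    except ReentrancyError:
        return "blocked", contract.pool
    return contract.sell_shares(), contract.pool
```

With the lock disabled, a callback that calls `set_multiplier` during the purchase inflates the later sale payout; with the lock enabled the nested call is rejected and the pool is unchanged.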
SlowMist researchers also revealed that the theft of cryptocurrencies occurred due to a smart contract security breach and advised users not to deposit funds. They highlighted that the hacker transferred 266,103 AVAX to their wallet address, subsequently sending a portion of the funds to the FixedFloat protocol.