Web3 social media platform Stars Arena faced back-to-back security challenges during the past week as its popularity soared
The incident has divided the crypto community’s faith in the project, with many questioning its platform’s security strength.
Two Exploits in One Week
On October 5, Stars Arena suffered a vulnerability that allowed an attacker to move $2,000 worth of AVAX from the platform.
At the time, Stars Arena claimed it was at “war” with the “malicious actors” seeking to abscond with its users’ assets. The project further stated that it was ready to protect its platform and touted its security strength,
However, less than two days later, the decentralized social media project suffered another breach. On October 7, the Stars Arena team that its smart contract suffered a major security breach that allowed an attacker to drain an undisclosed amount of users’ funds from its platform.
The project would also later reveal that its site suffered from a distributed denial of service (DDoS) attack.
“Our smart contract was exploited and the funds were drained. The site is currently under DDOS attack. We are working on a solution to get everyone’s funds recovered and have the Arena move forward.”
from DeFillama shows that the attacks led to the total value of assets locked on the platform dropping to less than $1 as of press time from $2.78 million recorded on October 7.
Meanwhile, Stars Arena it has secured the necessary resources to rectify the damage caused by the exploit. They also confirmed an ongoing white hat security audit. Notably, all contracts will retain their original funds throughout the security audit.
Community Divided on Stars Arena
Emin Gun Sirer, the CEO of Avalabs, tried to downplay the extent of the attacks, the project “has quite a few friends and a fantastic product that has proven its virality in the market.”
However, his words drew criticism from the community, who pointed out the platform’s vulnerabilities. Sirer doubled down on his conviction, pointing out that $3 million is not a high amount for a project of Stars Arena quality. He
“We’re talking about a highly successful project here. Stars Arena earned more than $120k in a day, with their revenue growing exponentially. The chart below is something that most people would salivate over, and the user engagement and excitement are things that even Elon could not create on X. So yes, $3m is absolutely not a large amount for this particular team with these ground facts.”
The founder and CEO of web3 security firm Delegate, Foobar, suggested the possibility of an insider job for the attack, citing unexplained vulnerabilities in the platform’s contracts. The security expert
“No other reasonable explanation for taking a perfectly fine 100-line contract, adding in new vulnerabilities via functions that never get used, refusing to verify the contract, getting half-hacked, not fixing things, then getting full-hacked.”
