Avalanche upstart Stars Arena was drained of nearly all locked funds earlier today as attackers exploited a smart contract that helped secure tokens on the social application.
Some $3 million worth of Avalanche’s AVAX tokens were drained, leaving Stars Arena with just under $1 in funds after the attacker. X, formerly Twitter, user @0xLawliette seemed to in the early Asian hours on Saturday, but another user, @0xlilitch yesterday warned of potential security issues.
Stars Arena developers in a tweet on Saturday morning.
Stars Arena launched just over a week ago and quickly gained a cult following among Avalanche community members, some of whom earned as much as 1,000 AVAX in trading fees from the platform. It also helped bump prices of AVAX tokens by as much as 6% at one point during the week.
It was highly considered as a clone of Friend.Tech, a social app based on Ethereum grew to 100,000 users within weeks of its August release. Both apps let users purchase “keys” or “shares” of popular X users in turn for access to a closed chatroom, which may offer various privileges to those holders.
The values of these shares are very volatile, leading to some users treating the price gyrations similar to tokens and making a profit.
The exploit came even as some Ava Labs employees spoke in favor of the developments, which may have buoyed user trust. Some Ava Labs employees, including founder Emin Gün Sirer, seemed to hype the app over several X as well.
Sirer however, seemed to downplay concerns of the potential security exploit on Friday when it was first pointed out by @0xlilitch, even stating a potential breach had “already been fixed.”
Crypto markets remain a hotbed of generally poor security practices and criminal activity, with exploits and hacks accounting for some $1.3 billion in value lost in 2023 alone, as per estimates.