SlowMist Report: 10 Crypto Incidents Unveiled

The blockchain and cryptocurrency domain continues to battle against a variety of security threats, as elucidated in the SlowMist Weekly Security Report for the period October 1 – October 7, 2023. The report sheds light on ten distinct security incidents impacting entities across the spectrum, from individual token ventures to large-scale platforms, underlining the financial toll exerted by these attacks.

Statistical Overview

Total Security Incidents: 10

Noteworthy Trend: A surge in DNS Hijacking Attacks and Discord compromises.

Severe Impact: Stars Arena bearing the brunt with a loss approximating $3,000,000.

Incident Breakdown

1. Galxe (2023-10-06): A case of unauthorized access via DNS hijacking led to the misappropriation of visitors’ funds, affecting 1,120 users, with a financial fallout of around $270,000.

2. MCT (2023-10-06): The project’s domain was hijacked at the DNS level, creating the risk that private keys could be uploaded to a fraudulent domain. The loss remains undisclosed, and precautionary actions were advised.

3. Fake CommEx token (2023-10-06): An orchestrated liquidity withdrawal in a rug pull scenario saw the deployer walking away with approximately $154,000.

4. Friend.tech (2023-10-05): Four users were subjected to SIM card swap attacks, resulting in a collective loss nearing $385,000.

5. Stars Arena (2023-10-05): A glaring security breach within the platform’s smart contract framework led to a heist of about $3,000,000.

6. DePay (2023-10-05): The platform endured a flash loan attack, albeit with a relatively minor loss of $827.

7. Metropolis World (2023-10-05): The compromise of the platform’s Discord server was reported, though the loss hasn’t been quantified.

8. GEMIE (2023-10-02): A hack on the Discord server led to the distribution of phishing links. The users were cautioned against interaction, with the loss yet to be specified.

9. VendX (2023-10-02): As with Metropolis World and GEMIE, VendX’s Discord server was compromised.

10. Fake EigenLayer Token (2023-10-01): An exit scam on a counterfeit token resulted in a windfall for the deployer, with losses accumulating to around $300,000.

Recommendations

In light of the persistent threat of social engineering and phishing, coupled with smart contract vulnerabilities, the crypto community is urged to exercise vigilance. The diverse nature of the attacks spotlighted this week underlines the need for robust, multi-faceted security strategies. While certain entities suffered crushing financial setbacks, others showcased prompt response mechanisms to curb potential damages. The report stresses that regular testing and updates, alongside cautious interaction with digital platforms, are essential to reducing security risk.

Stars Arena Tightens Security Following $3M Exploit

In the wake of a damaging security breach that saw a loss of nearly $3 million, Stars Arena, an Avalanche-based Web3 social media application, has taken significant steps to bolster its security infrastructure and restore users’ trust. Following the exploit on October 6, 2023, the company has moved its funds to a more secure multisig wallet, launched an extensive security audit, and employed a white hat team to assess and enhance the platform’s security measures.

On October 7, 2023, Stars Arena updated its followers on the remedial steps being taken post-exploit. The funds were transferred from the original fee wallet to a new Gnosis Safe multisig wallet, requiring three out of six signatures from the Stars Arena team members for transactions. This wallet, identified by the address 0xAc0388Fe24D65358f2fF063ebCbEfa321A2a091d, is part of the security infrastructure overhaul aimed at preventing future breaches.

Stars Arena has secured resources to cover the shortfall left by the exploit, a loss of 266,103 Avalanche (AVAX) tokens, worth almost $3 million at the time. The platform announced on X (formerly Twitter) that the loss had been covered and that a white hat team had been brought in for a rapid security review. The white hat team is expected to scrutinize the platform’s security before the contract is reopened to users.

Blockchain security firm SlowMist traced the hacker’s activities, establishing that the stolen AVAX tokens were transferred to the address (0xa2Eb…ad7A), and a portion of these tokens, 50.32 AVAX, was later moved to the Fixed Float crypto exchange on October 6. The tracking of the stolen funds and the hacker’s activities is ongoing as the community seeks to recover the lost funds and bring the perpetrator(s) to justice.

Amidst these developments, Stars Arena has advised users against depositing any new funds until the security audit is complete and the platform’s contract is reopened. The advisory underscores the platform’s commitment to securing users’ assets while the necessary security enhancements are being implemented.

Stars Arena Recovers Majority of Stolen Crypto

Web3-based social media platform Stars Arena has recovered most of the crypto assets lost during a security breach on October 7, 2023. According to an update shared via a tweet on October 11, 2023, the platform reclaimed approximately 90% of the stolen funds. The total amount stolen was 266,104 Avalanche (AVAX) tokens, which, at the time, had a market value of around $3 million, as reported by Blockchain.News. The recovery came after the platform reached a settlement with the individual responsible for the exploit. The funds were returned minus a 10% bounty fee given to the exploiter, which amounted to 26,610 AVAX, plus an additional 1,000 AVAX that was apparently lost in a bridge during the exploit, for a total bounty of 27,610 AVAX.

Stars Arena received back a sum of 239,493 AVAX, processed in two separate transactions, each comprising 119,246 AVAX. The bounty, valued at nearly $257,000 at the time, served as a compensatory measure for the individual responsible for the exploit.

Following the recovery, Stars Arena has taken steps to strengthen its security framework to prevent similar incidents in the future. The platform disclosed that it has developed a new smart contract to secure the returned funds before relaunching. As part of the ongoing effort to enhance security, the platform is in the final stages of auditing the new contract. Initially, on October 7, the platform had notified its community about the significant security breach, caused by a flaw in the smart contract that led to the draining of funds.

In a follow-up update, Stars Arena revealed that it has secured additional funding to address the security lapse and has engaged a development team to conduct a comprehensive security audit. However, details regarding the nature of the exploit have yet to be disclosed.

This wasn’t the first security issue faced by Stars Arena. Merely two days before the major exploit, on October 5, a smaller security breach occurred, though the hackers could only manage to steal around $2,000 worth of assets. The root cause was identified as a vulnerable price function in the platform’s smart contract, which allowed the exploiter to sell user shares at no cost and receive AVAX in return. The vulnerability was later patched by the platform.

The security challenges aren’t unique to Stars Arena as its main competitor, Friend.tech, has also witnessed targeted SIM-swap attacks. In response, Friend.tech has recently enhanced its security features to thwart such attempts.
