Avalanche (AVAX)-Based Social Finance Platform Suffers $2,900,000 Exploit: Peckshield

A social finance (SocialFi) platform built on Avalanche (AVAX) has suffered losses after bad actors targeted a smart contract vulnerability. 

Stars Arena, a platform that enables content creators to monetize their expertise by selling tickets or shares to their followers using AVAX tokens, has suffered a security breach resulting in the loss of $2.9 million in AVAX, according to cybersecurity firm Peckshield. The breach exploited a reentrancy issue in the platform's smart contract, allowing attackers to repeatedly call the withdraw function before the balance was updated. The hackers targeted this vulnerability to inflate the price of tickets and shares, with one share being sold at a significantly higher price of approximately 274,000 AVAX.

Source: Peckshield/X

Data from Avalanche blockchain tracker Snowtrace reveals that following the exploit, Stars Arena's smart contract holds less than $0.01 worth of AVAX.

In a statement on an undisclosed social media platform, Stars Arena expressed its commitment to rectify the situation and reimburse affected users, despite the ongoing DDOS (distributed denial-of-service) attack on its site.

The SocialFi app, which launched in late September, emphasized that it will continue its operations despite the incident. The platform secured resources to cover the exploited funds and plans to undergo a thorough security audit before resuming full functionality.

AVAX has experienced a 4% decline in the last 24 hours, with the token's current trading price at $10.35.

Oct 09, 2023

1 0