In the wake of a damaging security breach that saw a loss of nearly $3 million, Stars Arena, an Avalanche-based Web3 social media application, has taken significant steps to bolster its security infrastructure and restore users' trust. Following the exploit on October 6, 2023, the company has moved its funds to a more secure multisig wallet, launched an extensive security audit, and employed a white hat team to assess and enhance the platform's security measures.
On October 7, 2023, Stars Arena updated its followers on the remedial steps being taken post-exploit. The funds were transferred from the original fee wallet to a new Gnosis Safe multisig wallet, requiring three out of six signatures from the Stars Arena team members for transactions. This wallet, identified by the address 0xAc0388Fe24D65358f2fF063ebCbEfa321A2a091d, is part of the security infrastructure overhaul aimed at preventing future breaches.
Stars Arena has successfully secured resources to cover the financial void left by the exploit, which equated to a loss of 266,103 Avalanche (AVAX) tokens, translating to almost $3 million at the time. The disclosure about the financial cover-up and the introduction of a white hat team for a rapid security review were made on the social media platform X (formerly Twitter). The white hat team is expected to scrutinize the platform's security before reopening the contract to the users.
Blockchain security firm SlowMist traced the hacker's activities, establishing that the stolen AVAX tokens were transferred to the address (0xa2Eb...ad7A), and a portion of these tokens, 50.32 AVAX, was later moved to the Fixed Float crypto exchange on October 6. The tracking of the stolen funds and the hacker’s activities is ongoing as the community seeks to recover the lost funds and bring the perpetrator(s) to justice.
Amidst these developments, Stars Arena has advised users against depositing any new funds until the security audit is complete and the platform's contract is reopened. The advisory underscores the platform's commitment to securing users' assets while the necessary security enhancements are being implemented.
Image source: Shutterstock