The team behind the new friend.tech-inspired protocol Stars Arena has dismissed what it called “coordinated FUD” after patching an exploit that saw attackers escape with $2,000 from the Avalanche-based decentralized social media platform.
In an Oct. 5 post on X (Twitter) the Stars Arena account said the exploit was fixed, adding "don’t get this wrong, we are at war.”
THE EXPLOIT HAS BEEN FIXED.
BUT DON’T GET THIS WRONG WE ARE AT WAR.
We’re being targeted by malicious actors in the space that want to steal your money.
The little guy is under attack.
You are under attack.
Your right to platform diversity is under attack.
Don’t get it… pic.twitter.com/DmbMdf9cAq
Pseudonymous X user “0xlilitch” took a swipe at Stars Arena saying its "noob devs" missed patching a vulnerability in the platform’s price function allowing the attackers could sell zero user “tickets” in exchange for technically free Avalanche (AVAX) tokens.
So how is the contract getting drained right now?
THEIR getPrice() FUNCTION IS BROKEN
You can sell 0 shares and get AVAX. Yep. You can do this right now and it will work.
But where do this extra AVAX come from?
read next ⬇️ pic.twitter.com/0RM7NHxLeq
However, the attack vector reportedly turned out to be economically unfeasible for the attackers. The exploit itself caused a major surge in the gas fees on Avalanche which made extracting the earnings from the hack far more expensive than anticipated.
As a result, the attackers supposedly ended up spending more on gas fees than they netted from the exploit.
Ava Labs CEO Emin Gün Sirer highlighted in an X post that for every $0.04 earned from the exploit — the hackers spent an average of $0.25.
So much FUD about a Stars Arena exploit that has (1) already been fixed, (2) cost
Read more on cointelegraph.com