Stars Arena Regains 90% of Funds Lost After Security Breach
Summary:
Stars Arena, a social media app, has regained almost 90% of the funds it lost in a security breach. The recovery followed four days of negotiations conducted on the blockchain with the attacker, who was allowed to retain slightly more than 10% of the funds as a 'white hat' bounty. Stars Arena, likened to Friend.tech, allows users to buy 'shares' from favorite content creators. The breach caused less damage than expected because the bug was promptly identified and fixed, and operations continued with improved code. However, critics suggest that improved bug bounty programs might encourage hackers to report system vulnerabilities instead of exploiting them.
Stars Arena, a prominent social networking application, has regained close to 90% of the funds it lost in a security breach, the team confirmed in a public statement on X (previously known as Twitter) on October 11. The recovery came after four days of negotiations visible in the blockchain records. The individual who found and exploited the vulnerability was permitted to keep slightly more than 10% of the funds, on the rationale that this served as a 'white hat' reward.
Stars Arena is an application that lets users invest in 'shares' of their preferred online influencers in return for access to unique content and additional benefits. It is frequently likened to Friend.tech, a comparable application running on the Base network. The exploit of Stars Arena took place on October 5. According to an X user named Lilitch.eth, the loss was over a million dollars, while the application's developers insisted that the amount was only $2,000 in cryptocurrency. The exploited smart contract could be amended; the team quickly identified and fixed the vulnerability and resumed operations with revised code on the same day as the breach.
On October 7, the following words were addressed to the attacker via an onchain message, with the address 0x96cefd23b3691d8cead413f2ec882e445fd0801e: "please return the funds to the contract address 0xA481B139a1A654cA19d2074F174f17D7534e8CeC we will give you 5% white hat bonus for doing that offer is valid until oct 10 only if you don't send we will have to take legal action against you". The contract address given in the body of this message is the verified contract of Stars Arena's shares, perhaps indicating that it was an official communication from the team. The attacker did not directly acknowledge this message, but on October 11 conveyed to a different address their willingness to cooperate.
The negotiations culminated at 7:21 pm UTC, when the team confirmed the approval of a 10% reward for the attacker and declared the return of the latter half, framing the operation as a white hat initiative. At 7:43 pm UTC, the team announced publicly that the attacker had returned 90% of the stolen funds, apart from 1,000 Avalanche (AVAX) tokens that were lost in a cross-chain bridge. The team stated that 266,104 AVAX, or roughly $2.4 million, was initially withdrawn from the application, while 239,493 AVAX, or around $2.2 million, was recovered. This implies that close to 90% of the originally stolen funds were recovered.
There is a pattern of attackers siphoning funds from digital finance protocols, only to later return a notable portion of the funds in exchange for an assurance that no legal action will be taken against them. Critics propose that these exploits could be averted with comprehensive bug bounty programs offering better rewards, which could encourage hackers to submit legitimate bounty reports instead of attacking the protocols. As part of its effort to enhance transparency and possibly encourage more hackers to join legal bounty programs instead of engaging in illegal activities, the blockchain security platform Immunefi launched a 'vaults' bug bounty campaign in September.
Published At
10/12/2023 8:00:00 PM