Recently, Stars Arena fell victim to a hacking incident, resulting in a depletion of 3 million USD in Total Value Locked (TVL). On October 7, 2023, the official X account of the Stars Arena project confirmed the attack after the smart contract was drained of nearly 3 million USD TVL.
The hacker exploited the ‘sellShares’ vulnerability to exploit a new loophole in the StarsArena contract and emptied the entire amount of over 266,201 AVAX, equivalent to nearly 3 million USD TVL in the protocol. Subsequently, the attacker transferred the funds to their own wallet. Following the news, Stars Arena’s TVL also plummeted nearly 100 times, dropping from the initial 2.78 million USD to only $31,320.
According to Peckshield’s analysis, the hacker conducted a reentrancy attack on Stars Arena, selling tickets at a much higher price than the market rate. Notably, less than 24 hours before the hack, the rival SocialFi platform of friend.tech had posted a tweet celebrating its achievement of reaching a TVL milestone of nearly 3 million USD in just over two weeks of operation, but now almost the entire “victory” has “vanished into thin air.”
Introduced in September, Stars Arena is a social protocol inspired by FriendTech. Within just two weeks of its launch, Stars Arena’s TVL surpassed 1 million USD, leading to a significant increase in on-chain transactions on the Avalanche network. Despite attracting investors’ attention, the project also faced numerous suspicions, notably on October 5, 2023, when the community discovered serious vulnerabilities in Stars Arena that allowed anyone to withdraw AVAX from the project’s contract.