Stars Arena recently reported that malicious actors attempted to siphon funds through an exploit, but they have successfully patched the contract to prevent any further harm. According to online reports on social media, the Stars Arena Web3 social media platform on the Avalanche network fell victim to a malicious attack.

The breach was discovered by Stars Arena user Lilitch.eth on October 5th, who promptly shared the discovery on X (formerly Twitter), revealing a loss of over $1 million. Stars Arena’s development team has acknowledged the attack, characterizing it as a “war” against their platform. They have reassured users that the attack resulted in a relatively modest loss of approximately $2,000 and that they have since patched the vulnerability to secure the platform.

Much like Friend.tech

Stars Arena offers users the opportunity to purchase “shares,” which represent tokenized assets issued by content creators. These tokens entitle their owners to access exclusive content or other special privileges. Since the launch of Stars Arena, Avalanche has experienced a significant uptick in activity, with the daily transaction volume on the network surging by an impressive 186% between October 3rd and 4th.

On October 5th, Lilitch.eth made a declaration on X, stating that “1.1 million dollars are being drained right now because of inexperienced developers who were unable to create a functional replica of Friend.tech. If you own ANY SHARES in StarsArena, it is advisable to sell them while you still have the opportunity.” In their post, they included a screenshot of a smart contract containing around 107,329 AVAX tokens, which were valued at over $1 million at the time.

In response to Lilitch.eth’s

Some users accused them of “fudding” (spreading fear, uncertainty, and doubt). For instance, ZSwap developer Mork argued that “no exploiter can profit from this because the gas to run the transaction is higher than the Avax extracted” and pointed out that “they are proxy contracts – able to be updated.”

In a counter statement

The Stars Arena team addressed the situation on X and emphatically declared that “THE EXPLOIT HAS BEEN FIXED.” They alleged that the attackers were spending $5 in gas fees to drain just $1 from the app, characterizing this as a coordinated effort to undermine the platform’s credibility through “coordinated FUD.” To provide users with a clearer understanding of the situation, the team organized a Twitter Spaces event where they explained that the attack resulted in only approximately $2,000 in losses.

In response to the team’s post

Lilitch.eth disputed the claim that attackers were spending $5 in gas fees to drain $1, stating, “Nobody was spending $5 to get $1 from your TVL, chill.” Instead, they argued that attackers ceased their activities when gas prices reached levels that made the attack unprofitable. Lilitch.eth also denied any intention of waging a “war” against the app. In a subsequent post, they expressed support for the app now that it had been patched, saying, “The conflict was resolved, we are friends now. @starsarena to the moon.”

Meanwhile, users of Friend.tech have been dealing with a series of SIM-swap attacks, causing anxiety among its user base and similar app users. On October 5th, the Friend.tech team took action by implementing a feature to remove certain login methods in an effort to address this ongoing issue.