Stars Arena recovers 90% of exploited funds after onchain negotiations

cointelegraph.com:

Social media app Stars Arena has recovered approximately 90% of the funds it lost after being exploited, according to an October 11 announcement from the team on X (formerly Twitter). The recovery occurred after four days of on-chain negotiations, blockchain data shows. The attacker was allowed to keep slightly more than 10% of the funds as a “white hat” bounty.

UPDATE:

We have recovered approximately 90% of the lost funds.

We reached an agreement with the individual responsible for the recent security breach.

The funds have been returned in exchange for a 10% bounty fee + 1000 AVAX that was lost in a bridge.

Total funds lost:…

StarsArena is a social media app on Avalanche that allows users to buy “shares” of their favorite content creators in exchange for exclusive content and other perks. It is often compared to Friend.tech, a similar app that runs on Base network.

Stars Arena was exploited on October 5. X user Lilitch.eth claimed that over $1 million was lost in the attack, while the developers of the app claimed that only around $2,000 worth of crypto was lost. The exploited smart contract was upgradeable, and the team patched the exploit and relaunched with new code on the day of the attack.

On October 7, address 0x96cefd23b3691d8cead413f2ec882e445fd0801e sent an onchain message to the attacker, stating “please return the funds to the contract address 0xA481B139a1A654cA19d2074F174f17D7534e8CeC we will give you 5% white hat bonus for doing that offer is valid until oct 10 only if you don't send we will have to take legal action against you.”

The address listed in the body of the message is the official Stars Arena: Shares contract, which seems to imply that the message was sent by the team. The attacker did not respond