By: Isha Das
Following a sizeable digital heist last week, the Web3 social media platform Stars Arena announced the recovery of nearly 90% of the stolen cryptocurrency funds. Originally depleted of approximately 266,000 Avalanche tokens (AVAX) worth around $3 million, an agreement between the parties resulted in the return of the significant majority of the loot.
The perpetrator of the security breach accepted an offer of a 10% bounty, corresponding to roughly 27,610 AVAX tokens valued near $257,000. Extras included compensation for an alleged 1,000 AVAX (~$9,000) that the exploiter lost during a blockchain bridge operation. This strategy ultimately minimized the platform's losses and allowed a substantial recovery.
The exploit involved vulnerable price function missing in the platform's smart contract, allowing the exploiter to trade user shares for no cost, thus receiving AXAX in exchange. The issue has since been addressed and patched by the developers of Stars Arena. The company has further contracted a dedicated team to perform a thorough security audit in an attempt to seal potential future exploitable loop holes.
Prior to redeploying the recovered funds, Stars Arena has taken steps to institute and finalize a new smart contract. The platform's response to the security breach highlights the creative solutions Web3 platforms might employ to mitigate the damage done by large-scale security breaches.