A copycat of the Web3 social media app Friend.tech, which was driving a huge increase in traffic to the Avalanche network, has patched an exploit that could have been used to drain over $1 million from the platform. However, not everything was as it seemed.
Stars Arena, an unabashed clone of the Friend.tech platform, launched on the Avalanche network in late September, but only started to gain popularity earlier this week. The daily transaction volume surpassed $1.7 million on Monday, comprising over 215,000 transactions; a big jump from the 16,000 daily transactions the previous week.
This contributed to an almost 50% rise in transactions on the Avalanche network, and a 10% jump in the price of its AVAX token, from around $9.60 on Monday to $10.60 at the time of writing, according to data from CoinGecko.
However, it seemed that no sooner had Stars Arena made its mark than it fell prey to its own success, and was targeted by hackers who had found an exploit.
This was somewhat obnoxiously pointed out by X-user lilitch.eth, who claimed that, “1.1 million dollars are being drained right now because of noob devs who couldn't make a copy of Friend.tech that will work properly.”
Fellow users were quick to accuse the user of spreading FUD (fear, uncertainty and doubt), pointing out that the funds were not being drained, as the gas fees would require any exploiter to spend $5 million in order to extract the $1 million held.
Despite this, a reported $20,000 had been removed from the contract in the two hours since it was first identified.
A further hour later, the developers of Stars Arena took to X to inform users that the exploit had been fixed. Although it didn’t stop there. “DON’T GET THIS WRONG WE ARE AT WAR,” it shouted, and went on to claim that malicious actors had deliberately spent $5 per $1 of total value locked (TVL) drained from the platform.
“Make note of that, they were throwing away money to TAKE YOUR MONEY. They don’t want diversity. They want only monopoly.”
Needless to say, commenters found this response almost as concerning as the initial exploit, pointing out that a more rational post might have simply said, “Sorry about that. We fixed it.”
THE EXPLOIT HAS BEEN FIXED.
— Stars Arena (@starsarenacom) October 5, 2023
BUT DON’T GET THIS WRONG WE ARE AT WAR.
We’re being targeted by malicious actors in the space that want to steal your money.
The little guy is under attack.
You are under attack.
Your right to platform diversity is under attack.
Don’t get it… pic.twitter.com/DmbMdf9cAq
Not that Friend.tech has had much time to be attacking its competitors of late, as it has had its own problems to deal with. A recent leak of mobile phone numbers led to a rash of SIM-swapping exploits, with one scammer reportedly swiping $385,000 in Ether.
Friend-tech launched in August on Coinbase’s Layer 2 blockchain Base. At the time we felt that the project was highly suspicious, and indeed it was pronounced dead just a few days later as activity and fees tanked.
However, the platform soldiered on, rebuilding fees and activity to the point where Stars Arena felt that a clone of the platform was a worthwhile undertaking. With both platforms now succumbing to scammers it remains to be Observed what the future holds.
