FT Exchange's simulated trading platform, Stars Arena, has recovered 90% of its assets and will relaunch after an audit.
FT mirror site Stars Arena was hacked twice last week, resulting in a loss of approximately $2.9 million. The official team released an update yesterday evening. The team is currently auditing new contracts, and the product will be back online in the future. 90% of the stolen funds have been recovered, with the remaining 10% set aside as a reward for the hackers to return the funds.
UPDATE:
• Our technical team led by @0xlocrian has written an entirely new smart contract
• We are finalizing a full contract audit with @0xPaladinSec
• The contract will become open-source after the audit is concluded
• We will have a paused verified contract BEFORE…
— Stars Arena (@starsarenacom) October 11, 2023
Table of Contents
Stars Arena Future Development: Preparing to Relaunch New Contracts
Stars Arena officials announced the following:
- The technical team has written a brand new smart contract
- The contract is undergoing a comprehensive audit by the Paladin Blockchain Security team
- Once the audit is complete, the contract will be open-sourced
- Before the contract is relaunched, there will be a paused verified contract
- Funds to cover the gap will be transferred directly to the contract after the audit is completed
Currently, the product is undergoing load testing to prepare for the traffic after the relaunch.
Stars Arena Offers Hacker 10% of Stolen Assets as Bounty
As the team tries to start anew, hackers contacted the team through blockchain messages expressing interest in cooperation.
In the following hours, an agreement was reached, and in the final transaction's blockchain message, the Stars Arena team expressed willingness to provide 10% of the stolen assets as a white hat bounty.
The team has announced the latest progress today.
Approximately 90% of the funds have been recovered, and 27,610 AVAX, about 254,000, has been provided to the hacker as a bounty.
UPDATE:
We have recovered approximately 90% of the lost funds.
We reached an agreement with the individual responsible for the recent security breach.
The funds have been returned in exchange for a 10% bounty fee + 1000 AVAX that was lost in a bridge.
Total funds lost:…
— Stars Arena (@starsarenacom) October 11, 2023
One Hack, Two Interpretations
Regarding the recurring contract vulnerability incidents at Stars Arena, Avalanche founder Emin, who supports Stars Arena, stated: Many large protocols have also been hacked, and the amount stolen from Stars Arena is not significant; it will be quickly recovered. Adversity makes us stronger.
Reading the comments, you would think that there was a $30B hack. Stars Arena is a profitable service that makes money. The amount lost, $3m, is something that SA can recover in about 10 days or so. Worst case, the team can borrow $3m and pay it back with interest.
Remember…
— Emin Gün Sirer🔺 (@el33th4xor) October 7, 2023
However, developer foobar, who has been critical of Star Arena, bluntly stated: Security is the driving factor behind all our actions. Those who do not understand auditing contracts, use upgradable proxies, and store all user private keys directly, risk losing all assets.
"security is the core driving factor behind everything we do"
– guy who doesn't know how to verify a contract, using an upgradeable proxy, directly stores all user private keys, hasn't been audited, and just lost the entire TVL by replacing a medium vuln with a critical vuln
— foobar (@0xfoobar) October 7, 2023
Related
- Huawei chips found with TSMC's shadow, can TSMC (2330) continue to hit new historical highs?
- Sorella Labs Raises €7.5 Million, Focuses on Two Ethereum MEV Solutions Brontes and Angstrom
- Is BUILD still happening? What are the weaknesses and challenges in the industry behind the proliferation of cryptographic infrastructure?