Hacker returns 90% of stolen funds to Stars Arena following exploit

Avalanche AVAX +6.43% -based social protocol Stars Arena has recovered approximately 90% of the funds lost during a security exploit last week. This recovery was made possible through a successful negotiation with the individual responsible for the attack, the team confirmed.

Stars Arena encountered a major exploit on Oct. 7 that led to the loss of funds locked in its smart contract. Security analysts at PeckShield estimated the size of the exploit to be around 266,104 AVAX coins, worth $2.9 million at that time. As a result, the value locked within the app fell to zero.

The breach was attributed to a reentrancy issue, enabling attackers to sell platform tickets — which grant access to individual chat rooms — for inflated prices. In the aftermath of this security lapse, Stars Arena issued a warning on X, advising users against depositing any more funds.

Stars Arena said it struck an agreement with the hacker. As per the agreement, the hacker would return about 90% of the stolen funds in return for a 10% bounty. From the 266,104 AVAX that were taken, the hacker has returned 239,493 AVAX across two distinct transactions. For this act, the hacker received a bounty of 27,610 AVAX (currently worth $250,000), according to the team.

What is Stars Arena?

Stars Arena operates as a forked iteration of FriendTech, an application that facilitates the purchase or sale of influencer profile tokens granting access to an individual’s chat room.

The pricing of these tokens follows a bonding curve, meaning they become pricier as their demand increases. Transaction fees on such platforms are relatively steep as there’s a 10% fee on every time the token is sold. Half of this total fee is allocated to the project’s team as revenue, and the other half is distributed to users whose tokens are traded.