Stars Arena Recovers 90% of Stolen Funds After Exploitation
Social media app Stars Arena has successfully recovered approximately 90% of the funds it lost after being exploited, according to an announcement from the team on X (formerly Twitter). The recovery was achieved through four days of on-chain negotiations. As part of the agreement, the attacker was allowed to keep slightly over 10% of the funds as a “white hat” bounty.
The Exploitation and Recovery Process
Stars Arena, a social media app on Avalanche, enables users to purchase “shares” of their favorite content creators in exchange for exclusive content and other benefits. On October 5, the platform fell victim to an exploitation. The developers claimed that only around $2,000 worth of crypto was lost, while a user reported losses exceeding $1 million. The team patched the exploit on the same day and relaunched with new code.
Two days later, an onchain message was sent to the attacker requesting the return of funds in exchange for a 5% white hat bonus. Although the attacker did not respond directly, they expressed willingness to cooperate on October 11. Subsequent negotiations took place through onchain messages and attempts to communicate via Blockscan chat app.
The Recovery Outcome
The team reached an agreement with the attacker for a 10% bounty. On October 11, Stars Arena announced via Twitter that approximately 90% of the stolen funds had been returned. However, due to losses in a cross-chain bridge, 1,000 AVAX tokens were not recovered. The initial amount drained from the app was 266,104 AVAX (around $2.4 million), with 239,493 AVAX (approximately $2.2 million) ultimately recovered.
Addressing Exploitations in DeFi Protocols
Exploiters often drain funds from decentralized finance protocols and return most of the stolen funds to avoid prosecution. Critics argue that robust bug bounty programs with better payouts could incentivize hackers to submit legitimate bounties instead of attacking protocols. To address this, blockchain security platform Immunefi launched a bug-bounty program called ‘vaults’ in September, aiming to increase transparency and attract hackers towards legitimate bounty programs.
Hot Take: Recovering Stolen Funds in Exploitations
The recovery of approximately 90% of the stolen funds by Stars Arena demonstrates the potential for negotiation and cooperation in resolving crypto exploitations. While the attacker retained a small portion as a “white hat” bounty, the majority of the funds were successfully returned. This outcome highlights the importance of open communication channels between teams and attackers in order to reach agreements that benefit all parties involved. Additionally, it underscores the need for robust bug bounty programs with attractive incentives, which can help deter attackers and foster a safer environment within decentralized finance protocols.
By
By
By