Stars Arena offers a $257K bounty and recovers 90% of the money that was taken.

The steward of the Web3 social media platform consented to retain a 10% reward in return for the restitution of the remainder of the purloined assets. Stars Arena, the Web3 social media platform, has disclosed the successful reclamation of nearly all the cryptocurrency that was filched during an exploit on October 7, with the exception of a 10% gratuity payable to the individual responsible. In a tweet posted on October 11 by Stars Arena on its X (Twitter) account, the platform declared that approximately 90% of the 266,000 Avalanche tokens, valued at approximately $3 million at that juncture, were reconciled following an accord that stipulated the disbursement of a 27,610-AVAX reward, which was tantamount to nearly $257,000, to the exploiter. This reward package also encompassed reparation for 1,000 AVAX tokens, amounting to over $9,000, seemingly misplaced by the exploiter in a bridge. In a separate communiqué, Stars Arena divulged its creation of a novel smart contract. Before the repositioning of the returned assets and the commencement of operations, an exhaustive review of the freshly devised contract was on the brink of completion. Stars Arena initially sounded the alarm within its community on October 7, characterizing the incident as a “substantial security breach,” attributing it to a flaw in its smart contract architecture that resulted in a siphoning of resources. In a subsequent message, Stars Arena informed its community that it had procured the necessary funding to mend the fissure generated by the exploit. A dedicated team of developers was commissioned to conduct a comprehensive security audit. However, the precise mechanics of the exploit remained undisclosed at this juncture. A few days prior, on October 5, Stars Arena had experienced a smaller-scale exploit, wherein malefactors absconded with approximately $2,000. Their modus operandi involved exploiting a weakness in the price function within the platform’s smart contract, permitting them to convert user shares into AXAX tokens, as elucidated by the pseudonymous user “0xlilitch” in a post. Stars Arena asserted that the vulnerability had been addressed and rectified. Meanwhile, users of Stars Arena’s primary competitor, Friend.tech, have also fallen victim to targeted SIM-swap attacks. In response, Friend.tech recently augmented its security infrastructure to fend off these intrusive attempts.