A social finance (SocialFi) platform built on Avalanche (AVAX) has suffered losses after bad actors targeted a smart contract vulnerability. 

Stars Arena allows content creators to monetize their expertise by selling tickets or shares to their followers using AVAX tokens to facilitate the sale. 

In a post on social media platform X, cybersecurity firm Peckshield says Stars Arena lost $2.9 million in AVAX after a breach that exploited the platform’s reentrancy issue. 

The security flaw enables attackers to drain the funds of a smart contract by repeatedly calling the withdraw function before the balance gets updated. 

Peckshield says the hackers targeted the vulnerability in a bid to sell the tickets at a higher price.

“Our initial analysis on today’s Stars Arena $2.9 million hack indicates a reentrancy issue on the Stars Arena… The reentrancy is abused to update the weight when the share/ticket is issued so that 1 share can be sold at a much higher price ~274,000 AVAX.”

Data from Avalanche blockchain tracker Snowtrace shows that Stars Arena’s smart contract is left with less than $0.01 worth of AVAX after the exploit.

In a post on social media platform X, Stars Arena says it is working to make every user whole. 

“We are deeply sorry for what happened.    

Our smart contract was exploited and the funds were drained. The site is currently under a DDOS (distributed denial-of-service) attack. We are working on a solution to get everyone’s funds recovered and have the Arena move forward.”

Amid criticisms, the SocialFi app, which just launched in late September, says it will not cease operations because of the incident.

“Important news: we have secured the resources to close the gap caused by the exploit. Additionally, a special white hat development team is coming in to rapidly review the security of the platform. 

We will re-open the contract with all the funds in full after a full security audit. This will happen very soon. We’re not going anywhere. The Arena marches on.”

AVAX is down by 4% over the past 24 hours. The token is currently trading for $10.35.

Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox

Check Price Action

Follow us on Twitter, Facebook and Telegram

Surf The Daily Hodl Mix

Check Latest News Headlines 

Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any loses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Featured Image: Shutterstock/Dotted Yeti/Nikelser Kate