FT Clone Stars Arena Has Recovered 90% of Assets, Will Relaunch After Audit

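After being hacked twice last week and losing about US$2.9 million, FT clone Stars Arena posted an update yesterday evening (the 11th). The team is currently auditing a new contract and the product will relaunch in the future. 90% of the stolen funds have been recovered, with the remaining 10% going to the hacker as a bounty for returning the funds.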
UPDATE:
• Our technical team led by @0xlocrian has written an entirely new smart contract
• We are finalizing a full contract audit with @0xPaladinSec
• The contract will become open-source after the audit is concluded
• We will have a paused verified contract BEFORE…
— The Arena (@TheArenaApp) October 11, 2023
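Stars Arena's next steps: preparing to relaunch with a new contract
In its announcement, the Stars Arena team listed the following points:
- The technical team has written an entirely new smart contract
- The contract is undergoing a full audit by the Paladin Blockchain Security team
- The contract will be open-sourced once the audit concludes
- Before the contract goes live again, there will be a paused, verified contract
- The funds used to cover the shortfall will be transferred directly into the contract once the review is complete
The product is currently undergoing load testing to handle traffic after the relaunch.
Stars Arena offers the hacker 10% of the stolen assets as a bounty
While the team was trying to start over, the hacker contacted the team through on-chain block messages and expressed a willingness to cooperate.
Over the following few hours the two sides reached an agreement. In the block message of the final transaction, the Stars Arena team said it was willing to offer 10% of the stolen assets as a white-hat bounty.
The team announced the latest progress on this today.
About 90% of the funds have been recovered so far, and the hacker was given 27,610 AVAX (about 254,000) as a bounty.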
UPDATE:
We have recovered approximately 90% of the lost funds.
We reached an agreement with the individual responsible for the recent security breach.
The funds have been returned in exchange for a 10% bounty fee + 1000 AVAX that was lost in a bridge.
Total funds lost:…
— The Arena (@TheArenaApp) October 11, 2023
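One hack, two interpretations
On Stars Arena's repeated contract vulnerability incidents, Avalanche founder Emin, a staunch supporter of Stars Arena, said: plenty of large protocols have been hacked too, the amount Stars Arena lost is not large, and it will be earned back quickly. Setbacks only make it stronger.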
Reading the comments, you would think that there was a $30B hack. Stars Arena is a profitable service that makes money. The amount lost, $3m, is something that SA can recover in about 10 days or so. Worst case, the team can borrow $3m and pay it back with interest.
Remember…
— Emin Gün Sirer🔺 (@el33th4xor) October 7, 2023
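However, developer foobar, who has long been critical of Stars Arena, put it bluntly: security is what drives everything we do. This is someone who doesn't know how to audit a contract, uses an upgradeable proxy, directly stores all user private keys, and lost all the assets.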
"security is the core driving factor behind everything we do"
– guy who doesn't know how to verify a contract, using an upgradeable proxy, directly stores all user private keys, hasn't been audited, and just lost the entire TVL by replacing a medium vuln with a critical vuln
— foobar/ (@0xfoobar) October 7, 2023