Web3 social media platform Stars Arena said it has recovered nearly all of the crypto stolen from an Oct. 7 exploit, minus a 10% bounty to the person responsible.

In an Oct. 11 X (Twitter) post, Stars Arena said around 90% of the 266,000 Avalanche (AVAX) exploited, at the time worth around $3 million, was returned after reaching an agreement to give a 27,610-AVAX bounty worth nearly $257,000 to the exploiter.

The bounty also included compensation for 1,000 AVAX worth over $9,000 seemingly lost by the exploiter in a bridge.

In a separate post, Stars Arena added that it had written a new smart contract, and before placing the returned funds and launching, it was finalizing an audit of the new contract.

Stars Arena first alerted its community to the exploit on Oct. 7, calling it a “major security breach,” with its smart contract leading to funds being drained.

In a subsequent post, Stars Arena said it secured funding to plug the hole left by the exploit and contracted a development team to do a full security audit, though the team has yet to detail how the exploit took place.

Related: Galxe replacing 110% of funds users lost in recent front-end hack, over $400K

Days earlier, on Oct. 5, Stars Arena was hit by a smaller exploit, though hackers only made off with around $2,000, they claimed.

The exploit was caused by Stars Arena developers missing a vulnerable price function in the platform’s smart contract. This allowed the exploiter to sell user shares for nothing and get AXAX in return, pseudonymous X user “0xlilitch” explained in a post.

Stars Area claimed to have patched the vulnerability.

Users of Stars Arena’s main competitor, Friend.tech, have also seen targeted SIM-swap attacks, with Friend.tech recently adding security features to mitigate the attempts.

Magazine: Recursive inscriptions — Bitcoin ‘supercomputer’ and BTC DeFi coming soon