On 7 October, 2023 SocialFi project Stars Arena was exploited via a reentrancy vulnerability for 266,103 AVAX, approximately $2.88 million. The incident was the largest reentrancy exploit to occur on the Avalanche chain in 2023. Stars Arena was also exploited two days prior on 5 October for roughly $2k by the same exploiter. This earlier incident likely drew increased scrutiny over the Stars Arena contract.
Contracts named CirculateBUSD, CirculateWBNB were drained of all assets due to a third party dependency that transferred all tokens to the contract deployer. The same actions took place on contracts named CirculateUSDC and CirculateWAVAX on Avalanche.
On 10 December, 2022 at 1:21:34 AM UTC, Mu Coin was flash loan attacked for approximately 45 ETH ($57K) on AVAX. The attack took advantage of differences in price between the token in the LP pools and the token price obtained by buying bonds, resulting in a smart contract that is vulnerable to economic arbitrage. Mu coin founder Jon Vaughn acknowledged the attack and is attempting to raise the price back to levels similar before the incident.