Super Sushi Samurai, a blockchain game developed on the Blast layer-2 solution, was poised for its much-anticipated launch when it fell victim to a devastating exploit, resulting in the loss of $4.6 million. This incident occurred mere hours before the scheduled release of its gaming product, casting a shadow over the project’s debut and raising concerns about the security of decentralized applications (DApps).
Super Sushi Samurai’ token tanks amid $4.6M exploit
The GameFi project Super Sushi Samurai (SSS), which is built on Coinbase’s Base layer-2 blockchain and the Telegram messaging app, experienced a $4.8 million withdrawal on March 21.
This withdrawal was made by an individual who identified themselves as a white hat hacker after discovering a double-spending glitch in the system. Following an unauthorized token dump, the value of the token experienced a significant 99% slippage.
The perpetrator managed to siphon off 1310 ETH from the token’s primary liquidity pool by repeatedly doubling their balance and subsequently liquidating all of it, as per the information disclosed by Certik to the cryptocurrency community.
Super Sushi Samurai had planned to release its web3 game on the same day. It is possible that the incident was carried out by a hacker with good intentions who is currently in contact with the Super Sushi Samurai team. Unfortunately, the details remain unclear at this time.
According to CertiK, there was an incident where a user made a series of transactions involving a large number of SSS tokens. The user initially purchased 690 million SSS tokens and then transferred the entire balance to themselves.
They proceeded to double the balance 25 times, resulting in a final total of 11.5 trillion SSS tokens. These tokens were eventually sold for 1,310 ETH, which is equivalent to approximately $4,590,827.
Following the incident, the individual responsible for double-spending the tokens sent a message on the blockchain, stating: “Hi team, this is a whitehat rescue hack. Let’s work on reimbursing the users. Please reach out via Blockscan chat from the SSS deployer 0x555b28f3b8b3b8ebd1b06997c2078fd94529f555 on Ethereum mainnet.”
Despite their apparent good intentions, it is important to highlight that the individual in question caused the SSS token to collapse by withdrawing $4.8 million in funds. Before the crash, SSS had a market capitalization of $27.75 million.
The tokens have experienced a significant decrease in value, losing over 99% of their initial worth. Shortly after, SSS developers replied: “Hello, white hat; we have reached out to you on Blockscan. Thank you for cooperating with us. SSS Team.”
A disturbing trend
After the breach, Super Sushi Samurai has been actively communicating with its community, sharing updates and providing reassurances through its official Telegram channel and other social media platforms.
The Super Sushi Samurai exploit is not an isolated incident within the Blast ecosystem. Last month, the Blast-based gambling project RiskOnBlast gained attention for reportedly deceiving investors.
The project mysteriously vanished after allegedly losing 420 ether, which is equivalent to $1.29 million, that was raised during a token presale. Over 750 victims experienced significant financial losses as the website and social media accounts vanished.
Despite the impressive $2.3 billion in deposits generated by Blast’s mainnet launch, its journey to success has been marred by security vulnerabilities and instances of exploitation. Blast currently holds a staggering $980 million in total value locked (TVL) at the moment.
Merely a month earlier, the ERC-X token Miner experienced a devastating crash of 99% due to the unearthing of a double-spending glitch, resulting in the endless creation of tokens. It’s unfortunate that the contract contains loopholes at a lower level. Transferring money to yourself can actually double your balance. The glitch resulted in significant user losses, totaling more than $10 million.