A white-hat hacker targeted the Super Sushi Samurai crypto game for a $4.6 million exploit on the Blast network, highlighting ongoing security challenges within the ecosystem.
SSS Game Hacked
The Super Sushi Samurai (SSS) project, a new gaming token on the layer-2 network Blast, faced a significant setback just days after its launch. An exploit led to a massive loss of $4.6 million, which the team disclosed on its X platform.
The team further announced on its Discord channel,
"We have been exploited, it's mint related. We are still looking into the code. Tokens were minted and sold into the LP."
The hack triggered a severe decline in SSS's value, plummeting by over 99.2%. CertiK, a blockchain security firm, assessed the breach and determined a loss of $4.6 million. Notably, the liquidity pool, crucial for decentralized finance, was drained as a result of the exploit.
What went down?
On March 17, the Super Sushi Samurai project debuted on the Ethereum layer-2 network Blast, unveiling its native token, SSS. The food-themed project aimed to offer an engaging gaming experience. However, the token's contract contained a critical vulnerability. An 'infinite mint' attack exploited this flaw, allowing the duplication of balances during transfers between identical addresses, resulting in a staggering $4.6 million loss.
Yuga Labs developer Coffeexcoin explained that the liquidity pool, a vital element in decentralized finance, was depleted due to a flaw in their token contract. This flaw allowed for the doubling of balances when transferring the entire balance to oneself.
White-Hat Intervention
Fortunately, the attack seemed to be orchestrated by a white-hat hacker with the intention of safeguarding at-risk funds. The hacker promptly notified the Super Sushi Samurai team via an on-chain message, proposing collaboration to reimburse affected users. Initiating contact with the exploiter through BlastScan messages, Super Sushi Samurai aimed to navigate the aftermath and explore potential solutions.
Challenges for Blast
The exploit of Super Sushi Samurai is not an isolated occurrence within the Blast ecosystem. Recently, the Blast-based gambling project RiskOnBlast made headlines for allegedly rug-pulling investors. Disappearing with 420 ether, equivalent to $1.29 million, raised during a token presale, the project left over 750 victims facing substantial financial losses.
Despite generating $2.3 billion in deposits upon its mainnet launch, Blast has encountered setbacks due to security vulnerabilities and exploitation cases.
While its use of FOMO-inducing points campaigns and VC-backing attracted attention, critics highlighted concerns over the project's infrastructure. Blast's 'bridge' was criticized for being a multisig wallet, and skepticism persisted as the network itself was still under development.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.