Crypto game exploited for $4.6M, hacker claims to be white-hat
Food-themed crypto game Super Sushi Samurai was exploited for approximately $4.6 million today, though it appears to have been a white-hat operation.
The project’s token, SSS, contained a vulnerability within its contract that allowed for duplicating balances when making a transfer between the same ‘to’ and ‘from’ address.
At the time of writing, the proceeds, 1,310 Wrapped Ether (WETH) worth $4.6 million, remain in the exploiter’s address.
SSS exploited on blast for ~$4.8m pic.twitter.com/YpVLBYGqw7
— Spreek (@spreekaway) March 21, 2024
Read more: Ethereum’s Dencun causes ‘Blast’ layer 2 outage
Super Sushi Samurai had gone live just hours earlier on Blast, the controversial Ethereum layer-2 network, with the SSS token launched on March 17. The project had previously been runner-up in Blast’s recent Big Bang contest.
The project’s team confirmed the hack, known as an ‘infinite mint’ attack, stating “Tokens were minted and sold into the LP.” As a result, the token’s value dropped over 99%, according to data from CoinMarketCap.
Just over a month ago, the same vulnerability was used to hack another token, MINER. Despite this, an audit of the token contract by Verichains failed to pick up the bug.
It’s literally only been a month since we last saw this.
Study past exploits. Lessons in there. pic.twitter.com/bXGsgVVhUG
— quit.q00t.eth (👀,🦄) (@0xQuit) March 21, 2024
Read more: Critics decry Blast as the latest sketchy scheme on Ethereum
Luckily, however, the attack appears to have been conducted by a white-hat hacker to rescue at-risk funds. The team was informed via an on-chain message sent by the hacker shortly after the alarm was raised.
Blast’s use of a FOMO-inducing points campaign and VC-backing to draw enormous total value locked (TVL) attracted plenty of criticism when it was first announced. Skeptics noted the fact that the project’s ‘bridge’ was nothing more than a multisig wallet, while the network itself had yet to be built.