Super Sushi Samurai Suffers $4.6M Loss in White Hat Attack, SSS Token Plunges 99%
In Brief
Super Sushi Samurai experienced an exploit, leading to the theft of $4.6 million after the SSS token launch.
GameFi project Super Sushi Samurai (SSS) experienced a vulnerability exploit on the Layer 2 network Blast within the Telegram messaging application, leading to the theft of $4.6 million. The incident occurred shortly after the SSS token launch and involved exploiting the minting functionality of the smart contract.
The security breach was identified by blockchain analytics firm CertiK, who shared a post on social media platform X, saying, “We have observed an incident impacting @SSS_HQ on Blast. Contract: 0xdfDCdbC789b56F99B0d0692d14DBC61906D9Deed. A total of $4.6 million has been affected.”
Subsequently, Super Sushi Samurai confirmed the exploit, with the issue relating to minting. The project mentioned ongoing investigations into the code, revealing that tokens were minted and sold into the liquidity pool. Following the incident, the value of Super Sushi Samurai’s native token SSS dropped by over 99%.
A Yuga Labs smart contract developer, Coffee, indicated a bug in the token contract that allowed users to double their funds by transferring their entire wallet balance to themselves. Supposedly, the attacker exploited this bug, doubling their funds and draining liquidity on decentralized exchanges. The attacker then sold the newly minted tokens for 1,310 wrapped Ethereum (ETH), equivalent to $4.6 million.
However, the funds may not be entirely lost. The attacker attempted to communicate with the Super Sushi Samurai team, asserting their actions constituted a “white hat rescue” operation and proposing assistance in compensating affected users.
Blast Network Faces Exploits and Rug Pull Incidents
Super Sushi Samurai operates on the Blast network and is accessible through Telegram. Rewards are derived from various sources, including trading taxes, on-chain transaction fee rebates from Blast, and yield generated from ETH in the liquidity provider pool.
An EVM-compatible scaling protocol that utilizes Optimistic Rollups Blast offers a native yield model for ETH and stablecoins, presenting an annual passive income opportunity ranging from 4-5%. Since its mainnet launch earlier this month, Blast has made over $2.3 billion in assets available for withdrawal.
However, a popular network has garnered significant attention, not only from users and developers but also from bad actors.
Recently, blockchain security company SlowMist has received several reports where staked Ethereum (stETH) was stolen and cross-chain transferred to the Blast mainnet. The confirmed losses have exceeded 100 stETH, and it is suspected that the victims’ mnemonic phrases or private keys were compromised, allowing the attackers to engage in activities on the Blast mainnet.
In another incident, the Blast ecosystem experienced a rug pull event when an anonymous account, RiskOnBlast, purportedly representing a gambling and exchange platform, raised 420 ETH, equivalent to $1.3 million, from investors before abruptly disappearing.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.About The Author
Alisa is a reporter for the Metaverse Post. She focuses on investments, AI, metaverse, and everything related to Web3. Alisa has a degree in Business of Art and expertise in Art & Tech. She has developed her passion for journalism through writing for VCs, notable crypto projects, and scientific writing. You can contact her at alisa@mpost.io
More articlesAlisa is a reporter for the Metaverse Post. She focuses on investments, AI, metaverse, and everything related to Web3. Alisa has a degree in Business of Art and expertise in Art & Tech. She has developed her passion for journalism through writing for VCs, notable crypto projects, and scientific writing. You can contact her at alisa@mpost.io