Blast-based game SSS hit with $4.6 million exploit by a possible white hat hacker

Attack contract doubled tokens 25 times before mass sell-off

Blast-based game SSS hit with $4.6 million exploit by possible white hat hacker

Share this article

An exploit executed on Mar. 21 drained $4.6 million in user funds from Super Sushi Samurai (SSS), a game built on Ethereum’s layer-2 blockchain Blast. According to a report by blockchain security firm CertiK, the game’s native token experienced a 99% slippage due to a suspicious token dump, which led to the funds being drained.

The exploiter purchased 690 million SSS tokens and transferred them to an attacking contract, multiplying the tokens 25 times to end up with 11.5 trillion and swapping them for 1,310 Ether (ETH).

The vulnerability stemmed from the ‘contracts _update()’ function, which failed to correctly update balances when transferring tokens to oneself. The stolen funds are currently in the exploiter’s wallet.

Through an X post, the SSS team stated that they are in contact with the exploiter, who is supposedly a white hat hacker, and both parties are working on the safe return of funds.

Share this article

Loading...