White Hat Hacker Exploits Bug in Super Sushi Samurai Token, Steals $4.6 Million in Ethereum
Crypto News – Amidst the launch frenzy of Blast network’s latest gaming token, Super Sushi Samurai, a hacker exploited a critical vulnerability, siphoning approximately $4.6 million worth of Ethereum on March 21, merely weeks after its introduction.
This exploit triggered an alarming 99% plummet in the token’s value after an unauthorized token dump. The perpetrator managed to abscond with 1,310 ETH from the token’s primary liquidity pool, meticulously doubling their balance and liquidating it, as per details divulged by CertiK to CryptoSlate.
Coinciding with the planned unveiling of its web3 game, Super Sushi Samurai found itself entangled in this breach, raising speculation about the potential involvement of a white hat hacker in communication with the project’s team, though specifics remain unclear at present.
Unraveling the Exploit
Investigations following the breach unveiled an intricate series of events where an unauthorized entity seized control of 690 million SSS tokens, initiating a cascade of transactions orchestrated through a bespoke attack contract.
Exploiting a vulnerability nestled within the platform’s _update() function, the attacker orchestrated the duplication of their token holdings a staggering 25 times. This manipulation artificially inflated the token supply to a bewildering 11.5 trillion, ultimately culminating in the conversion of approximately 1,310 ETH, valued at $4,590,827.
The exploit hinged on a flaw within the smart contract’s balance update mechanism, which failed to accurately record changes when tokens were transferred from an address to that same address. This oversight let the attacker’s token balance grow exponentially without any legitimate transactions.
Notably, this isn’t the first occurrence of such a vulnerability; a similar exploit targeted the Ethereum-based token MINER in February, resulting in a loss of 168.8 ETH.
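The self-transfer flaw described above can be modelled in a few lines. This is an added example, not the Super Sushi Samurai contract: it is a Python model of a token ledger, and the caching pattern in update_cached is an assumption about one common way this bug class arises (all names here are hypothetical). It shows the flawed update beside a corrected one, plus the supply invariant a test suite can assert to catch the problem before deployment.

```python
class Ledger:
    """Minimal token ledger model (constructed for illustration)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())

    def update_cached(self, sender, recipient, amount):
        """Flawed pattern: both balances are read before either is written."""
        from_bal = self.balances.get(sender, 0)
        to_bal = self.balances.get(recipient, 0)
        if amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        # If sender == recipient, this overwrites the debit with a stale value.
        self.balances[recipient] = to_bal + amount

    def update_safe(self, sender, recipient, amount):
        """Corrected pattern: write the debit, then re-read for the credit."""
        from_bal = self.balances.get(sender, 0)
        if amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount

    def supply_conserved(self):
        """Invariant to assert after every transfer in unit or fuzz tests."""
        return sum(self.balances.values()) == self.total_supply


def self_transfer_check(method_name, start=100):
    """Send an account its own full balance; return (balance, invariant)."""
    ledger = Ledger({"alice": start, "bob": 50})  # constructed sample state
    getattr(ledger, method_name)("alice", "alice", start)
    return ledger.balances["alice"], ledger.supply_conserved()


if __name__ == "__main__":
    print("cached:", self_transfer_check("update_cached"))
    print("safe:  ", self_transfer_check("update_safe"))
```

A transfer test that includes the sender-equals-recipient case and checks that the sum of balances still equals total supply flags the flawed version immediately.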
Recovery Endeavors
Post-breach, Super Sushi Samurai initiated robust community engagement, disseminating updates and reassurances through its official Telegram channel and various social media platforms.
The team’s proactive stance involves attempts to establish communication with the exploiter. A recent tweet from the gaming platform hints at interaction with a white hat hacker regarding the incident, though their role in either perpetrating the exploit or aiding in recovery remains indeterminate.
Super Sushi Samurai articulated its collaborative efforts with the white hat hacker toward the secure restitution of funds, promising a comprehensive post-mortem and updates in due course.
The address housing the compromised funds has been publicly disclosed to expedite tracking and potential recovery of the pilfered assets.
This incident underscores the paramount importance of stringent security protocols in the crypto realm, where the intangible nature of assets renders them susceptible to such exploits. It also underscores the persistent challenges faced by platforms in fortifying defenses against sophisticated cyber threats.