Super Sushi Samurai Heist: Inside Job Suspected?

Super Sushi Samurai, a blockchain game built on Blast, was compromised hours before its launch due to a smart contract exploit. Exploiting the mint function, the attacker created excessive tokens, sold them on the liquidity pool, and made away with $4.6 million. The team and Certik have confirmed the exploit and are working with a white hat hacker to recover the funds and safeguard users.

Was Super Sushi Samurai's Exploit an Inside Job?

Super Sushi Samurai (SSS), a blockchain game built on the Blast Layer-2 solution, was compromised just before its highly anticipated launch. The exploit, reportedly orchestrated by a white hat hacker, resulted in the loss of $4.6 million due to a bug in the game's smart contract code.

Smart Contract Bug Exploited

According to SSS, the exploit was caused by a bug that enabled an unauthorized party to initiate an infinite mint function. This resulted in the creation of an excessive number of tokens, which were subsequently sold into the liquidity pool, causing a 99% token value slippage.

CertiK, an on-chain security firm, confirmed that $4.6 million worth of tokens were affected, with the attacker managing to extract 1310 ETH from the token's liquidity pool.

Investigations Reveal Unauthorized Token Acquisition

Investigations revealed that the attacker acquired 690 million SSS tokens and used an attack contract to initiate a series of transactions. By exploiting a vulnerability in the platform's update function, the attacker duplicated the tokens in their possession 25 times, resulting in a total of 11.5 trillion tokens, which were then exchanged for approximately 1,310 ETH.

Recovery Efforts Underway

SSS has been in active communication with its community, providing updates through Telegram and other social media platforms. In a public post, SSS revealed that the exploit was conducted by a white hat hacker who is currently collaborating with the SSS team. The hacker indicated that their intention was to protect users and that plans for reimbursing affected users are in progress.

SSS has also disclosed the address containing the compromised funds and is working with the white hat hacker to ensure the safe return of assets.

Post-Mortem Analysis

SSS has published a "post-mortem" update outlining the extent of the damage. Negotiations are ongoing to reach a resolution that safeguards both users and the white hat hacker involved.

Unanswered Questions

While SSS has provided some details about the exploit, several questions remain unanswered:

• Why was the smart contract vulnerable to this type of attack?
• Was the white hat hacker acting alone or in collusion with others?
• How will SSS prevent similar incidents in the future?

As more information becomes available, we will keep you updated on this developing story. In the meantime, investors should remain vigilant and take appropriate precautions to protect their assets when participating in blockchain-based games or investing in digital assets.