Unidentified White Hat Rescues $4.6 Million From Blast Network Hack

An unknown entity has exploited a Telegram-based game called Super Sushi Samurai (SSS) that runs on the Ethereum (ETH) layer-2 scaling solution Blast Network, leading to the theft of $4.6 million worth of tokens. The attacker exploited a vulnerability that allowed them to double their tokens by transferring their holdings to themselves. The SSS team has paused token transfers and is working with a white hat hacker to recover the stolen funds. Blast has also been facing criticism for its lack of security, with Polygon Labs developer relations engineer Jarrod Watts warning about the risks of the platform.

Unidentified Attacker Exploits Ethereum Layer-2 Solution Blast Network, Leading to Multi-Million Dollar Theft

An unknown entity has successfully exploited a Telegram-based game, Super Sushi Samurai (SSS), which operates on the recently launched Ethereum (ETH) layer-2 scaling solution Blast Network. The incident has resulted in the theft of tokens worth approximately $4.6 million, prompting the project team to halt token transfers while they investigate the vulnerability.

According to a post on social media platform X, the SSS team stated that the attack was "mint related" and involved the unauthorized minting and subsequent sale of tokens into the liquidity pool (LP).

Security firm CertiK has independently confirmed the attack and the value of the stolen tokens. However, a crucial twist emerged in the investigation when it was discovered that the exploitation was a "white hat rescue." In white hat rescues, individuals or groups uncover vulnerabilities in protocols to expose potential risks, rather than exploiting them for personal gain.

The SSS team has confirmed communication with the white hat attacker and is actively working on the safe return of the stolen funds. A detailed update and post-mortem analysis will be released once the investigation is complete.

Blast Network, which launched its mainnet just weeks prior to the attack, has faced criticism from the crypto community. In November, Polygon Labs developer relations engineer Jarrod Watts expressed concerns about the platform's potential risks. Watts emphasized the dependence on a select group of individuals (in this case, 3-5) to stake funds and the absence of a withdrawal mechanism, highlighting the trust-based nature of the platform.

The SSS attack serves as a stark reminder of the potential vulnerabilities associated with innovative technologies in the fast-evolving blockchain industry. It underscores the necessity for thorough security audits, transparent communication, and robust safeguards to protect user funds and prevent similar incidents in the future.