
$4.6 Million Blast: Super Sushi Samurai Exploit Highlights the Devastating Risks of DApp Security

2024/03/23 20:06

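Super Sushi Samurai, a blockchain game built on the Blast layer-2, suffered a $4.6 million exploit just hours before its launch, raising concerns about DApp security. The incident involved a white hat hacker who discovered a double-spending glitch, which led to a token dump and a 99% price drop. Although the hacker ostensibly showed good intentions in order to facilitate compensation, the exploit cast a shadow over the project's debut and highlighted a worrying trend of security vulnerabilities in the Blast ecosystem.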


$4.6 Million Blast: Super Sushi Samurai Exploit Casts Shadow on DApp Security


In a catastrophic turn of events, Super Sushi Samurai (SSS), a highly anticipated blockchain game built on the Blast layer-2 solution, has fallen prey to a devastating exploit that has syphoned off a staggering $4.6 million. Just hours before the scheduled launch of its gaming product, this incident has sent shockwaves through the project and raised serious concerns about the security of decentralized applications (DApps).


Million-Dollar Drain: A White Hat's Cry for Help


The GameFi project Super Sushi Samurai, which operates on Coinbase's Base layer-2 blockchain and the Telegram messaging app, suffered a $4.8 million withdrawal on March 21st. This unauthorized withdrawal was executed by an individual posing as a "white hat hacker" who had discovered a critical vulnerability in the system.


According to cybersecurity firm CertiK, the perpetrator exploited a double-spending glitch in the token contract, repeatedly doubling their balance and liquidating it for a total of 1,310 ETH (approximately $4.59 million) from the token's primary liquidity pool. The SSS token plunged in value by a staggering 99% following the token dump.


Exploit Details Unveiled: A Mint Malfunction


SSS has since released details of the exploit, revealing that the attacker abused a flaw in the minting process. The attacker purchased 690 million SSS tokens, transferred the entire balance to themselves, and repeatedly doubled the balance 25 times, resulting in a total of 11.5 trillion SSS tokens. These tokens were then sold for 1,310 ETH.
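The self-transfer doubling described above can be modelled off-chain to show which invariant check catches it. This is an added example, not the SSS contract or code from the article; it assumes the flaw was a transfer routine that reads both balances before writing either, and the ledger classes, account names and amounts are constructed.

```python
class StaleReadLedger:
    """Assumed bug pattern: both balances are read before either is written."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def total_supply(self):
        return sum(self.balances.values())

    def transfer(self, sender, recipient, amount):
        from_bal = self.balances.get(sender, 0)
        to_bal = self.balances.get(recipient, 0)  # stale if recipient == sender
        if amount <= 0 or from_bal < amount:
            raise ValueError("invalid amount")
        self.balances[sender] = from_bal - amount
        # On a self-transfer this write overwrites the debit just made.
        self.balances[recipient] = to_bal + amount


class FixedLedger(StaleReadLedger):
    """Debit first, then re-read the recipient balance before crediting."""

    def transfer(self, sender, recipient, amount):
        from_bal = self.balances.get(sender, 0)
        if amount <= 0 or from_bal < amount:
            raise ValueError("invalid amount")
        self.balances[sender] = from_bal - amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def supply_drift(ledger_cls, balances, transfers):
    """Replay transfers and return the change in total supply.

    A plain transfer must conserve supply, so any non-zero result is a bug.
    An amount of None means "the sender's whole current balance".
    """
    ledger = ledger_cls(balances)
    before = ledger.total_supply()
    for sender, recipient, amount in transfers:
        if amount is None:
            amount = ledger.balances[sender]
        ledger.transfer(sender, recipient, amount)
    return ledger.total_supply() - before


# Constructed test data: an ordinary transfer, then three self-transfers.
SAMPLE_BALANCES = {"alice": 690, "pool": 10_000}
ORDINARY = [("pool", "alice", 10)]
WITH_SELF_TRANSFERS = ORDINARY + [("alice", "alice", None)] * 3
```

The ordinary transfer conserves supply on both ledgers, so a test suite that never sets sender equal to recipient passes the flawed routine; the supply-conservation check only fails once that case is included.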


In a message left on the blockchain, the alleged "white hat hacker" claimed to be attempting to salvage the situation and requested cooperation from the SSS team in reimbursing affected users. However, this claim is overshadowed by the fact that the individual's actions directly led to the loss of $4.8 million.


SSS Team Responds: Collaboration in Crisis


Despite the setback, the SSS team has been actively engaged with the community, providing updates and reassurances through its official Telegram channel and social media platforms. The team has acknowledged the bug in the token contract and is working to mitigate the damage.


Blast Ecosystem Hampered by Security Woes


The Super Sushi Samurai exploit is not an isolated incident within the Blast ecosystem. In February, the Blast-based gambling project RiskOnBlast came under fire for allegedly scamming investors out of 420 ether ($1.29 million) during a token presale. The project abruptly disappeared, leaving over 750 victims with significant financial losses.


Even with the impressive $2.3 billion in deposits generated by Blast's mainnet launch, the platform has been plagued by security vulnerabilities. Just a month prior to the SSS exploit, the ERC-X token Miner suffered a catastrophic 99% crash due to a similar double-spending glitch, resulting in over $10 million in user losses.


The Fallout: Security Concerns and Investor Confidence


The Super Sushi Samurai exploit raises serious questions about the security of DApps and the robustness of blockchain protocols. Exploits of this magnitude can erode investor confidence and hinder the adoption of tokenized applications.


Blockchain developers and security analysts must prioritize enhanced code auditing and robust security measures to prevent such vulnerabilities from being exploited. The Blast ecosystem, in particular, needs to address its string of security incidents to restore trust among users and investors.


As the blockchain gaming and DeFi sectors continue to evolve, it is imperative that all stakeholders prioritize security and transparency to ensure that users and investors can participate in these ecosystems with confidence.

